|
Log analysis and evaluation: Taskmgr.exe and Regedit.exe have been disabled by the administrator. Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
29.04.2013, 20:45 | #1 |
| The situation: I wanted to start Taskmgr (with the three-key shortcut "Ctrl+Shift+Esc"), but it did not start. I then tried again with Ctrl+Alt+Del, and "Task Manager" was not shown to me (that is, the button to start it). Then I tried it via CMD and got the following message: Task Manager has been disabled by the administrator. I thought something was not right and figured my EXEs had been "hijacked", so I ran a file I had created that contains the following (it is a .reg file with this content):
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):
But then this message came up: Registry editing has been disabled by the administrator. I then looked into it, HijackThis was suggested, I let it scan and got this result: HijackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:02:30, on 29.04.2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Users\***\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe C:\Users\***\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe C:\Program Files (x86)\Everything\Everything.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ExpressFiles\EFupdater.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe C:\Program Files (x86)\Everything\Everything.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\WinArchiver\WAHELPER.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\***\Desktop\HijackThis.exe C:\Users\***\Desktop\***\SecurityTaskManager_Setup.exe C:\Users\***\Desktop\HijackThis.exe C:\Users\***\AppData\Local\Temp\WZSE0.TMP\setup.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: Softonic-de Toolbar - 
{6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll R3 - URLSearchHook: InnoGames Toolbar - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll R3 - URLSearchHook: express-files Toolbar - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll O2 - BHO: Winload - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll O2 - BHO: DealScout - {467013BB-D67E-45BE-A7D7-C29E3CCA8AAD} - C:\Program Files (x86)\DealScout\dealscout.dll O2 - BHO: BrotherSoft Extreme - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 
Internet Security\Engine\19.9.1.14\coIEPlg.dll O2 - BHO: Softonic-de - {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: express-files - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Search Results Toolbar - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: InnoGames - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll O2 - BHO: Yolobar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\yolobartb\yolobarDx.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files 
(x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll O2 - BHO: icqBHO - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll O3 - Toolbar: Softonic-de Toolbar - {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll O3 - Toolbar: Hyperionics DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: InnoGames Toolbar - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll O3 - Toolbar: express-files Toolbar - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll O3 - Toolbar: Search Results Toolbar - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing) O3 - Toolbar: Norton Toolbar - 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll O3 - Toolbar: Yolobar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\yolobartb\yolobarDx.dll O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WAHELPER.EXE] "C:\Program Files (x86)\WinArchiver\WAHELPER.EXE" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [Phrozen Mon_KP] "C:\Users\***\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe" /h O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-694020154-2073930874-1152709320-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-694020154-2073930874-1152709320-1010\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: tbhcn.lnk = ***\AppData\Roaming\BrowserCompanion\tbhcn.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Casino Action - Š - C:\Microgaming\Casino\CasinoAction\casinogame.exe (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll O18 - 
Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: Application Updater - Spigot, Inc. 
- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - 
C:\windows\system32\lsass.exe (file missing) O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - 
C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: WinArchiver Service - Unknown owner - C:\Program Files (x86)\WinArchiver\WAService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Yontoo Desktop Updater - Unknown owner - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (file missing) -- End of file - 22610 bytes
(I don't know what to make of this.) I also ran a complete system scan (Symantec Norton), but nothing came of that either. The program MBAM was also recommended to me, but since I somehow can't manage to download it (I can't find the download link), I don't know what else to do and need help. Thanks in advance. Regards, DerAmpelmeis |
29.04.2013, 21:03 | #2 | |
/// TB-Ausbilder | Hi,
__________________ Quote:
HijackThis is unusable for your 64-bit Windows. Please do this instead: If you want to have your computer examined for malware, please work through this guide and post the corresponding logfiles.
__________________ |
29.04.2013, 21:10 | #3 |
| Should I just put them below here or create a separate thread for them? (or edit this one)
__________________ |
29.04.2013, 21:12 | #4 |
/// TB-Ausbilder | Just post the logs all together here in this thread in your next reply, once you have completed all the steps.
__________________ cheers, Leo |
30.04.2013, 14:51 | #5 |
30.04.2013, 15:23 | #6 |
/// TB-Ausbilder | Could you please not attach the logfiles (that makes the evaluation massively harder for me), but instead paste their content directly inside code tags: [code]logfile content[/code]. Thanks.
__________________ |
30.04.2013, 15:31 | #7 |
| OTL: Code:
ATTFilter OTL logfile created on: 29.04.2013 21:55:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 41,27% Memory free 7,73 Gb Paging File | 5,24 Gb Available in Paging File | 67,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,02 Gb Total Space | 338,06 Gb Free Space | 36,63% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.29 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.04.29 19:00:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HijackThis.exe PRC - [2013.04.25 18:47:26 | 000,200,952 | ---- | M] (hxxp://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe PRC - [2013.04.16 09:51:12 | 000,202,264 | ---- | M] () -- C:\Program Files (x86)\WinArchiver\WAService.exe PRC - [2013.04.16 09:51:10 | 000,480,792 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\WinArchiver\WAHELPER.EXE PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013.04.03 06:57:20 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2013.03.24 18:34:11 | 000,295,512 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2013.03.06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.02.23 20:16:58 | 001,297,728 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2013.02.23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe PRC - [2012.06.28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
PRC - [2011.10.25 15:52:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.02 13:15:02 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.19 04:00:32 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.19 04:00:28 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.04.03 06:57:20 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013.02.14 01:13:20 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.14 01:12:55 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 20:23:54 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013.01.10 20:23:54 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013.01.09 20:46:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 20:45:30 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 20:45:15 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 20:45:07 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 20:45:00 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 20:44:55 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 20:44:25 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.04.16 09:51:12 | 000,202,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WinArchiver\WAService.exe -- (WinArchiver Service)
SRV - [2013.04.12 13:45:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.25 20:59:56 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.03.13 19:52:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012.04.19 22:23:38 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.25 15:52:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.19 04:00:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.19 04:00:28 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.11.06 22:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.16 09:51:14 | 000,140,184 | ---- | M] (Power Software Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\waemu.sys -- (waemu)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.05 21:11:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.28 13:18:18 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.07 19:04:33 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2012.02.01 03:31:00 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011.03.21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011.03.21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.30 15:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009.06.23 09:38:20 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.11.06 22:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2006.08.27 09:59:12 | 000,031,744 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV - [2013.04.13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.02.16 17:52:27 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130429.004\ex64.sys -- (NAVEX15)
DRV - [2013.02.16 17:52:27 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.02.16 17:52:27 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130429.004\eng64.sys -- (NAVENG)
DRV - [2013.01.19 15:03:03 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.09.01 02:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130426.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.02.03 00:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2011.03.21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{83E494DD-FE42-4181-BB47-AC5D274584D7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8B8F841D-FD9F-446C-B2C0-F7D848F86F9C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {8B8F841D-FD9F-446C-B2C0-F7D848F86F9C}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114170&tt=3412_7&babsrc=SP_iclro&mntrId=58116d7f00000000000000ffc87041b5
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{8B8F841D-FD9F-446C-B2C0-F7D848F86F9C}: "URL" = hxxp://www.bing.com/search?FORM=MNMTDF&PC=MANM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9F3CE6DD-69A6-4470-8115-321F3EAF8250}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=4035421714594355&p2=^A9T^YYYYYY^YY^DE&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2682599&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: %7B26DDE423-F085-4b2d-893B-BF98C9FAD0CF%7D:1.4
FF - prefs.js..extensions.enabledAddons: info%40convert2mp3.net:2.2
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7BC3949AC2-4B17-43ee-B4F1-D26B9D42404D%7D:15.0.5
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: iobit%40mybrowserbar.com:7.0
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2
FF - prefs.js..extensions.enabledAddons: %7Bc7478d43-2bd5-4844-98b8-c2a6aa9ed677%7D:10.15.2.523
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 4
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.19 13:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.07.28 13:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.04.29 18:44:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.11 19:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.03.24 18:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.03.24 18:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:45:07 | 000,000,000 | ---D | M]
[2012.07.29 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.26 20:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions
[2012.12.18 15:31:48 | 000,000,000 | ---D | M] (Online video Converter) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{26DDE423-F085-4b2d-893B-BF98C9FAD0CF}
[2013.04.19 12:22:54 | 000,000,000 | ---D | M] (InnoGames) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2013.03.24 18:43:19 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2013.03.24 18:42:50 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\plugin@yontoo.com
[2013.02.21 13:35:43 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\exif_viewer@mozilla.doslash.org.xpi
[2013.01.20 14:26:26 | 000,043,066 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\info@convert2mp3.net.xpi
[2013.04.26 20:01:10 | 000,658,566 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
[2013.04.16 19:33:53 | 000,382,710 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\jid1-aPwS0JCl36iLkQ@jetpack.xpi
[2013.04.15 14:48:01 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.03.24 18:39:40 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.14 16:21:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.21 13:10:15 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.02.28 19:06:02 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.04.14 12:11:31 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.06 14:17:28 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT TOOLBAR\FF
[2012.07.11 19:28:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013.03.24 18:35:18 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.04.12 13:45:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2013.03.24 18:34:22 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.)
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.02.28 14:04:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.10 17:12:26 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml [2012.08.23 12:46:28 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.08.30 17:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.28 14:04:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.28 14:04:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.30 23:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml [2012.07.29 12:07:18 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2012.02.28 14:04:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.28 14:04:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Plus! 
Network (Enabled) CHR - default_search_provider: search_url = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: AppUp (Enabled) = C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Nokia Suite 
Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Browser Companion Helper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: IClaro = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\ CHR - Extension: DealPly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: RealDownloader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\ CHR - Extension: express-files = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh\2.3.4.2_0\ CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: PricePeep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.355.0_0\ CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Norton Identity Protection = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\ CHR - Extension: BrotherSoft Extreme = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\ CHR - Extension: Winload = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\2.0.1.4_0\ CHR - Extension: ICQ Sparberater = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.2.662_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Browser Companion Helper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: IClaro = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\ CHR - Extension: DealPly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: RealDownloader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\ CHR - Extension: express-files = 
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh\2.3.4.2_0\ CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: PricePeep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.355.0_0\ CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Norton Identity Protection = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\ CHR - Extension: BrotherSoft Extreme = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\ CHR - Extension: Winload = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\2.0.1.4_0\ CHR - Extension: ICQ Sparberater = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.2.662_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (DealScout) - {467013BB-D67E-45BE-A7D7-C29E3CCA8AAD} - C:\Program Files (x86)\DealScout\dealscout.dll (DealScout) O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Softonic-de Toolbar) - {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.) 
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (express-files Toolbar) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll (Conduit Ltd.) O2 - BHO: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.) O2 - BHO: (Yolobar) - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\yolobartb\yolobarDx.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll () O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep) O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic-de Toolbar) - {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (express-files Toolbar) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yolobar) - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\yolobartb\yolobarDx.dll () O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-de Toolbar) - {6B9C3E37-FCBD-4834-A71A-FA45C106A001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (InnoGames Toolbar) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snp2uvc] C:\windows\vsnp2uvc.exe File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WAHELPER.EXE] C:\Program Files (x86)\WinArchiver\WAHELPER.EXE (Power Software Ltd) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Phrozen Mon_KP] "C:\Users\***\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe" /h File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACC33D24-B72F-4CE3-B4FE-3ECF51F39C7C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.29 21:51:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.29 19:08:21 | 003,980,324 | ---- | C] (Phrozen ® Software 2012. ) -- C:\Users\***\Desktop\PhrozenKeyloggerLite1-0R2_setup.exe
[2013.04.29 19:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.04.29 19:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.04.29 19:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.04.29 19:00:26 | 000,388,608 | ---- | C] (Trend Micro Inc.)
-- C:\Users\***\Desktop\HijackThis.exe [2013.04.28 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PhrozenSoft [2013.04.28 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite [2013.04.28 11:01:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.04.27 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.25 13:11:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix5 [2013.04.24 19:18:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Info [2013.04.24 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix4 [2013.04.24 15:28:10 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix3 [2013.04.24 14:22:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDustepMix2 [2013.04.24 14:00:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix [2013.04.22 18:48:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Skrillex [2013.04.20 16:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker [2013.04.20 16:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker [2013.04.20 16:03:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner (2) [2013.04.20 15:55:39 | 000,000,000 | ---D | C] -- C:\Users***\AppData\Roaming\WinArchiver [2013.04.20 15:50:23 | 000,140,184 | ---- | C] (Power Software Ltd) -- C:\windows\SysNative\drivers\waemu.sys [2013.04.20 15:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinArchiver [2013.04.20 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinArchiver [2013.04.13 09:26:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wifite [2013.04.12 13:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.08 19:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype 
[2013.04.07 21:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! [2013.04.07 16:07:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.terasology [2013.04.06 16:35:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer [2013.04.06 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Firefox Portable v.23 [2013.04.03 03:59:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Counter-Strike 1.6 - LAN [2013.04.03 00:46:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Warcraft III [2013.04.02 21:44:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DIE SIEDLER - DEdK [2013.04.01 11:53:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\PSP [9 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.29 21:54:17 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.29 21:53:00 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.29 21:52:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.29 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.29 21:50:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.04.29 21:16:08 | 000,001,146 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001UA.job [2013.04.29 21:01:02 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.29 19:00:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\***\Desktop\HijackThis.exe [2013.04.29 18:52:03 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.29 18:52:03 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.29 18:51:44 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.29 18:43:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.04.29 18:43:26 | 3113,865,216 | -HS- | M] () -- C:\hiberfil.sys [2013.04.29 18:16:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001Core.job [2013.04.29 17:58:42 | 005,469,414 | ---- | M] () -- C:\Users\***\Desktop\teaser-for-an-anime-tradition-episode.jpg [2013.04.28 17:29:48 | 000,000,456 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for ***.job [2013.04.28 15:53:04 | 001,652,184 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.04.28 15:53:04 | 000,710,530 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.04.28 15:53:04 | 000,664,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.04.28 15:53:04 | 000,154,462 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.04.28 15:53:04 | 000,126,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.04.28 15:00:49 | 003,297,456 | ---- | M] () -- C:\Users\***\Desktop\RICHTER & SHOX - BEWEG DICH [HD OFFICIAL VIDEO] (LYRICS).mp3 [2013.04.26 21:45:53 | 004,143,039 | ---- | M] () -- C:\Users\***\Desktop\Wiz Khalifa - Let It Go feat. 
Akon NEW VIDEO 2013.mp3.mp3 [2013.04.25 18:47:28 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Express Files.lnk [2013.04.25 13:09:49 | 012,897,560 | ---- | M] () -- C:\Users\***\Desktop\MyOwnDubstepMix5.mp3 [2013.04.24 21:12:53 | 003,062,561 | ---- | M] () -- C:\Users\***\Desktop\Kollegah - Mondfinsternis (Official HD Video).mp3 [2013.04.24 13:57:30 | 000,656,973 | ---- | M] () -- C:\Users\***\Desktop\173119.jpg [2013.04.21 15:15:21 | 003,314,156 | ---- | M] () -- C:\Users\***\Desktop\AHMED - Du weißt-Kopffickerexclusive (Beat by DOPETONES and T-MAN).MP3 [2013.04.20 15:50:25 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\WinArchiver.lnk [2013.04.17 21:24:07 | 003,107,702 | ---- | M] () -- C:\Users\***\Desktop\4tune - Splash Qualifikation 2013 (prod. by Hookbeats & Sadikbeatz).mp3 [2013.04.17 15:28:22 | 002,375,020 | ---- | M] () -- C:\Users\***\Desktop\DER ASIATE UND DIE REIMEBUDE JULIENSÖHNE (BACKSPIN TV EXCLUSIVE).mp3 [2013.04.16 09:51:14 | 000,140,184 | ---- | M] (Power Software Ltd) -- C:\windows\SysNative\drivers\waemu.sys [2013.04.11 13:54:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2013.04.11 12:27:32 | 000,271,064 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.04.09 21:10:55 | 000,260,956 | ---- | M] () -- C:\Users\***\Desktop\FPSBild.jpg [2013.04.08 19:16:43 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite [2013.04.07 21:18:08 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk [2013.04.07 14:44:19 | 000,001,460 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2013.04.05 21:57:47 | 180,398,760 | ---- | M] () -- C:\Users\***\Desktop\Best Dubstep mix 2012 (New Free Download Songs, 2 Hours, Complete playlist, High audio quality).MP3 [2013.04.05 20:32:26 | 002,389,648 | ---- | M] () -- C:\Users\***\Desktop\JBB 2013 - Chosen (Qualifikation).mp3 [2013.04.04 23:07:14 | 009,562,273 | ---- | M] () -- C:\Users\\Desktop\06 - Exochrist.mp3 [2013.04.03 03:07:08 | 000,025,185 | ---- | M] () -- 
C:\windows\SysWow64\ieuinit.inf [2013.04.03 03:07:08 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf [2013.04.02 21:44:17 | 000,002,823 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk [2013.04.02 21:44:17 | 000,002,823 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk [2013.04.02 21:44:16 | 000,002,694 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk [2013.04.02 15:34:35 | 003,056,711 | ---- | M] () -- C:\Users\***\Desktop\RICHTER - JULIAS BLOG [OFFICIAL VIDEO HD] 2013 (Juliensblog Diss).mp3 [2013.03.31 22:01:25 | 003,092,238 | ---- | M] () -- C:\Users\***\Desktop\JBB 2013 - Cashisclay (Qualifikation).mp3 [9 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.29 21:54:17 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.29 21:52:53 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.29 21:52:49 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.29 17:57:49 | 005,469,414 | ---- | C] () -- C:\Users\***\Desktop\teaser-for-an-anime-tradition-episode.jpg [2013.04.28 15:00:40 | 003,297,456 | ---- | C] () -- C:\Users\***\Desktop\RICHTER & SHOX - BEWEG DICH [HD OFFICIAL VIDEO] (LYRICS).mp3 [2013.04.26 21:45:36 | 004,143,039 | ---- | C] () -- C:\Users\***\Desktop\Wiz Khalifa - Let It Go feat. 
Akon NEW VIDEO 2013.mp3.mp3 [2013.04.25 13:09:14 | 012,897,560 | ---- | C] () -- C:\Users\***\Desktop\MyOwnDubstepMix5.mp3 [2013.04.24 21:04:41 | 003,062,561 | ---- | C] () -- C:\Users\***\Desktop\Kollegah - Mondfinsternis (Official HD Video).mp3 [2013.04.24 13:57:28 | 000,656,973 | ---- | C] () -- C:\Users\***\Desktop\173119.jpg [2013.04.21 15:14:49 | 003,314,156 | ---- | C] () -- C:\Users\***\Desktop\AHMED - Du weißt-Kopffickerexclusive (Beat by DOPETONES and T-MAN).MP3 [2013.04.20 19:37:16 | 006,410,985 | ---- | C] () -- C:\Users\***\Desktop\matryoshka.mp3 [2013.04.20 15:50:25 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\WinArchiver.lnk [2013.04.17 21:23:54 | 003,107,702 | ---- | C] () -- C:\Users\***\Desktop\4tune - Splash Qualifikation 2013 (prod. by Hookbeats & Sadikbeatz).mp3 [2013.04.17 15:28:15 | 002,375,020 | ---- | C] () -- C:\Users\***\Desktop\DER ASIATE UND DIE REIMEBUDE JULIENSÖHNE (BACKSPIN TV EXCLUSIVE).mp3 [2013.04.11 13:54:55 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2013.04.11 13:13:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.09 21:09:58 | 000,260,956 | ---- | C] () -- C:\Users\***\Desktop\FPSBild.jpg [2013.04.08 19:16:43 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite [2013.04.07 21:18:06 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk [2013.04.07 14:44:19 | 000,001,460 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2013.04.06 14:25:28 | 009,562,273 | ---- | C] () -- C:\Users\***\Desktop\06 - Exochrist.mp3 [2013.04.05 20:55:40 | 180,398,760 | ---- | C] () -- C:\Users\***\Desktop\Best Dubstep mix 2012 (New Free Download Songs, 2 Hours, Complete playlist, High audio quality).MP3 [2013.04.05 20:32:19 | 002,389,648 | ---- | C] () -- C:\Users\***\Desktop\JBB 2013 - Chosen (Qualifikation).mp3 [2013.04.03 03:07:08 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf [2013.04.03 03:07:08 | 000,025,185 | ---- | C] () -- 
C:\windows\SysNative\ieuinit.inf [2013.04.02 21:44:17 | 000,002,823 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk [2013.04.02 21:44:16 | 000,002,823 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk [2013.04.02 21:44:16 | 000,002,694 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk [2013.04.02 15:34:27 | 003,056,711 | ---- | C] () -- C:\Users\***\Desktop\RICHTER - JULIAS BLOG [OFFICIAL VIDEO HD] 2013 (Juliensblog Diss).mp3 [2013.03.31 22:01:17 | 003,092,238 | ---- | C] () -- C:\Users\***\Desktop\JBB 2013 - Cashisclay (Qualifikation).mp3 [2013.02.19 20:25:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.01.07 16:53:22 | 000,000,350 | ---- | C] () -- C:\windows\doom3.ini [2012.07.25 18:49:44 | 000,000,079 | ---- | C] () -- C:\windows\iPlayer.INI [2012.07.18 19:13:57 | 000,008,704 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.08 21:29:06 | 000,002,180 | ---- | C] () -- C:\Users\***\.lmmsrc.xml [2012.05.20 13:15:11 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\Access.dat [2012.05.10 17:16:37 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2012.04.23 18:10:36 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2012.03.13 18:39:29 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI [2011.12.06 21:27:03 | 000,069,632 | R--- | C] () -- C:\windows\SysWow64\xmltok.dll [2011.12.06 21:27:03 | 000,036,864 | R--- | C] () -- C:\windows\SysWow64\xmlparse.dll [2011.11.07 18:44:14 | 000,000,095 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2011.10.27 17:16:58 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.10.25 15:52:37 | 
000,111,928 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2011.10.25 15:52:30 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll [2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll [2011.09.15 07:12:41 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{E7D498F8-7C09-4345-B848-23C9A1D8D55D} [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011.02.18 19:14:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2003.06.26 15:22:54 | 000,033,196 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\Core.u [2003.06.26 15:22:56 | 000,776,809 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\Echelon.u [2003.06.26 15:22:58 | 000,034,699 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonCharacter.u [2003.06.26 15:23:00 | 000,076,420 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonEffect.u [2003.06.26 15:23:02 | 000,028,145 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonGameObject.u [2003.06.26 15:23:04 | 000,095,881 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonHUD.u [2003.06.26 15:23:06 | 000,342,081 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonIngredient.u [2003.06.26 15:23:10 | 000,358,185 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonMenus.u 
[2003.06.26 15:23:12 | 000,515,391 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonPattern.u [2003.06.26 15:23:16 | 001,111,570 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\Engine.u [2003.06.26 15:23:20 | 000,374,875 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\UWindow.u [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.29 18:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2013.04.07 16:07:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.terasology [2013.04.28 15:00:52 | 000,000,000 | ---D | M] -- C:\Users***\\AppData\Roaming\Audacity [2012.07.28 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BANDISOFT [2011.10.28 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations [2013.04.29 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BrowserCompanion [2011.06.23 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.socialbox.socialbox [2012.01.14 15:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys [2013.01.07 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.12.21 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.09.16 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.03.23 21:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.10 12:17:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ExpressFiles [2012.07.29 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeScreenToVideo [2011.10.28 12:58:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.12.14 20:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.01.24 23:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HomebrewStore Downloader 
[2012.08.23 12:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IClaro [2012.04.18 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.11.03 17:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ijjigame [2011.10.09 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.06.01 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit [2011.10.28 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.11.06 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2013.04.11 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer [2013.03.07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2011.10.07 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World [2012.06.13 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2012.01.04 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2012.06.13 18:07:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2013.03.17 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.07.19 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2013.03.09 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.09.12 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2013.04.28 11:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhrozenSoft [2011.02.17 12:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PriceGong [2013.04.24 21:37:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2013.02.16 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz [2011.12.20 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz Help [2013.02.25 17:01:43 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia [2013.01.21 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.10.10 19:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TechSmith [2011.10.19 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2011.04.14 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2013.04.22 15:21:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.05.20 13:15:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle [2012.01.24 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net [2013.04.20 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinArchiver [2012.08.29 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.10.10 17:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark [2012.02.07 19:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XLink Kai [2013.04.25 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\ [2013.04.29 18:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2013.04.07 16:07:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.terasology [2013.04.28 15:00:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.07.28 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BANDISOFT [2011.10.28 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations [2013.04.29 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BrowserCompanion [2011.06.23 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.socialbox.socialbox [2012.01.14 15:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys [2013.01.07 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.12.21 22:36:21 | 000,000,000 | ---D | M] 
-- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.09.16 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.03.23 21:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.10 12:17:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ExpressFiles [2012.07.29 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeScreenToVideo [2011.10.28 12:58:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.12.14 20:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.01.24 23:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HomebrewStore Downloader [2012.08.23 12:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IClaro [2012.04.18 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.11.03 17:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ijjigame [2011.10.09 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.06.01 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit [2011.10.28 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.11.06 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2013.04.11 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer [2013.03.07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2011.10.07 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World [2012.06.13 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2012.01.04 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2012.06.13 18:07:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2013.03.17 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.07.19 
17:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2013.03.09 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.09.12 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2013.04.28 11:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhrozenSoft [2011.02.17 12:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PriceGong [2013.04.24 21:37:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2013.02.16 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz [2011.12.20 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz Help [2013.02.25 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia [2013.01.21 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.10.10 19:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TechSmith [2011.10.19 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2011.04.14 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2013.04.22 15:21:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.05.20 13:15:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle [2012.01.24 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net [2013.04.20 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinArchiver [2012.08.29 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.10.10 17:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark [2012.02.07 19:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XLink Kai [2013.04.25 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yontoo [2013.04.29 18:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2013.04.07 16:07:01 | 000,000,000 | ---D | M] 
-- C:\Users\***\AppData\Roaming\.terasology [2013.04.28 15:00:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.07.28 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BANDISOFT [2011.10.28 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations [2013.04.29 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BrowserCompanion [2011.06.23 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.socialbox.socialbox [2012.01.14 15:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys [2013.01.07 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.12.21 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.09.16 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.03.23 21:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.10 12:17:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ExpressFiles [2012.07.29 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeScreenToVideo [2011.10.28 12:58:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.12.14 20:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.01.24 23:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HomebrewStore Downloader [2012.08.23 12:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IClaro [2012.04.18 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.11.03 17:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ijjigame [2011.10.09 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.06.01 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit [2011.10.28 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech 
[2011.11.06 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2013.04.11 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer [2013.03.07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2011.10.07 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World [2012.06.13 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2012.01.04 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2012.06.13 18:07:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2013.03.17 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.07.19 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2013.03.09 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.09.12 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2013.04.28 11:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhrozenSoft [2011.02.17 12:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PriceGong [2013.04.24 21:37:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2013.02.16 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz [2011.12.20 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz Help [2013.02.25 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia [2013.01.21 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.10.10 19:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TechSmith [2011.10.19 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2011.04.14 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2013.04.22 15:21:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.05.20 
13:15:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle [2012.01.24 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net [2013.04.20 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinArchiver [2012.08.29 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.10.10 17:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark [2012.02.07 19:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XLink Kai [2013.04.25 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yontoo ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012.07.26 20:02:10 | 000,000,000 | ---D | M](C:\windows\SysWow64\????sers) -- C:\windows\SysWow64\œ粠œsers [2012.07.26 20:02:10 | 000,000,000 | ---D | C](C:\windows\SysWow64\????sers) -- C:\windows\SysWow64\œ粠œsers < End of report > |
30.04.2013, 15:32 | #8 |
| Taskmgr.exe and Regedit.exe were disabled by the administrator. OTL Extras: Code:
OTL Extras logfile created on: 29.04.2013 21:55:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 41,27% Memory free
7,73 Gb Paging File | 5,24 Gb Available in Paging File | 67,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,02 Gb Total Space | 338,06 Gb Free Space | 36,63% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1486A2D0-2B52-43E6-BCDF-49DD4F5DD02C}" = lport=445 | protocol=6 | dir=in | app=system |
"{189E2349-0A18-4AB9-AA12-835A1855A41D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{20F8563F-A9BA-4DC8-99DE-4420B3BD37EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28FBE8BC-1DE8-4695-9B85-824D37F359D1}" = lport=51911 | protocol=6 | dir=in | name=akamai netsession interface |
"{296EDC4F-D1FD-4015-8D4C-F45F3AA0EF94}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DB457DF-CFBB-44DF-B95F-FC4372444512}" = lport=2177 | protocol=17 | dir=in |
svc=qwave | app=%systemroot%\system32\svchost.exe | "{43CEA626-AE0C-4EAD-B55F-C3AD01F50EEA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44F9611C-40E3-4843-AE49-63907AB3ECFD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5ACA731B-307C-4899-A100-7121B9F260FE}" = lport=8303 | protocol=6 | dir=in | name=teeworlds | "{5C96D933-1716-447F-91BC-C9AE043623EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6610E461-820E-4BE0-A224-5618291B2DBC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{669A6EC7-38F8-4041-A793-AB31154C6892}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6D429A5F-EA8B-420F-8EDF-047D0E227710}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{81B22D71-CE2B-463F-9BCD-F6B3F57A29D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83E1A74F-D40D-4870-9888-B8CB69053287}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{84F1949E-C3A6-4A47-B363-1C95C81BDB58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8586ACC9-47F2-4274-958D-923AE4E5AA5A}" = rport=445 | protocol=6 | dir=out | app=system | "{887E82EC-101E-49FD-BB68-4C97FF71E089}" = lport=138 | protocol=17 | dir=in | app=system | "{8B092DC8-5E3D-4C32-99D5-BE78B2292D03}" = lport=137 | protocol=17 | dir=in | app=system | "{8B678962-B870-4813-9A4B-908BC13ABEEB}" = lport=2869 | protocol=6 | dir=in | app=system | "{8F41AAE7-6E59-4C37-BC03-2D3F0559DEE4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{937F225E-CEDC-43A0-96D0-086AC9804573}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A9788FEA-989F-4A95-B481-C4C6E369B453}" = 
rport=139 | protocol=6 | dir=out | app=system | "{B64EAF8D-9CBC-4EC4-8FEE-19F7D30CA193}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BAFD2635-E23E-4DAC-8A0A-D3BA80EEC7EF}" = lport=10243 | protocol=6 | dir=in | app=system | "{C45B36A4-3A98-42EA-B15A-1CA14DDC6F35}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C4F1E3BF-633A-478C-8AA2-0B7C9BA774AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{C6651CFB-55E3-4B55-92C2-61432509F332}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C8C4BE30-CD5C-4483-B208-501DE875999F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D6C121A7-458F-4678-98D2-B2881954A363}" = lport=139 | protocol=6 | dir=in | app=system | "{D9C257CE-5453-4F1A-9E29-F2CF702E4767}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DD7EE9EE-5AD5-48F1-BF78-C223B405BAA7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{EBCEAF88-2527-42CD-BFB2-B2E9EB8B0CC6}" = rport=137 | protocol=17 | dir=out | app=system | "{F2FD2627-3372-406D-A0CC-BCF1543AE741}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F3194466-5EE9-4867-9FFB-6D03B4D7E9F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FC59DAFB-F833-4FC3-A5CF-D233708BAF41}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F0868A-56D8-4EF7-8F89-69F0E23CC7E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{055BBB1E-0877-44B6-BE15-670F7D48805B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{070E1E53-4871-4E9A-B1A0-0CE34250DAD9}" = protocol=6 | dir=in | app=c:\program files (x86)\yolobartb\dtuser.exe | "{0978956F-BD09-459F-89C9-DA90DB597EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | "{098672D3-AF05-484A-A51E-7A8C24C04F16}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{0B58595D-58CF-4479-84EC-02E4338E6819}" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "{0D2F483E-48D9-402E-9D74-6BDA7003F4DE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | "{0EA79902-BE6D-4805-B529-B0A638F65009}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{1470DACA-CCD4-47B9-A78E-1BDB91358B3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1619AA2D-6A1F-427F-9695-C969E88F2BED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1A9CB1D3-F50E-4EEE-A482-72F0D7418670}" = protocol=17 | dir=in | app=c:\ut2003\system\ut2003.exe | "{1B30CCF7-BD2A-4046-A887-2B7F88AD417A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{1BA0C272-4D7F-4CB7-A153-3B951C64DE77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1C2DAB8C-95B7-4A4F-AB12-43395F6AA2B6}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{1D1CDC34-8CA7-423D-8D11-3C502CCC1639}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe | "{267C269A-2FC4-48FB-85C7-717809EEC949}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{26D4C3B8-1EF3-4C73-8370-23F02FD0F255}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{2CB6146B-168B-4A0C-B7F2-BA714DD74112}" = protocol=6 | dir=in | app=c:\program files 
(x86)\expressfiles\expressdl.exe | "{2CF72FE3-251F-4456-93A9-D869AB90A02A}" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "{2F2DF737-F297-4AF4-8915-4B61749E42C6}" = protocol=17 | dir=in | app=c:\program files (x86)\searchresults1\dtuser.exe | "{3335D362-FB8A-4949-909F-9023EB95D592}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{342D0EBC-0FD4-46A3-9F1B-CE87F765C649}" = protocol=58 | dir=in | app=system | "{3AC13AF7-30B4-4E37-B4F9-E6B038F3EF4A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | "{3AC2F0DB-EFD8-4100-8ED1-A1C11E2BF994}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{3C3C8A67-8A95-4C09-81D4-A7BA49C5142A}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{3C6EFE4B-539D-4BAE-9FFF-571170EC64CD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{3D600BC7-FD24-4F76-A713-B7F1BD04B2CE}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{3ED1824A-1484-4842-A7E4-93BF76D79F9B}" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe | "{3F07F0E7-6F49-446B-9234-CC3678640770}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{44473C79-49E5-4595-8F4E-543A19CFFE23}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | "{446A0556-C1C8-419E-9FA4-E05302D8A740}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "{44B742C4-B047-49D8-B3F3-ABA48B7AF87D}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{44FB910F-9BC9-41B7-A731-61657E867459}" = protocol=6 | dir=out | app=system | "{45F5DC92-CBA3-4467-A61A-18EF9F690343}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{460921F4-75F0-40B6-A5F0-8750C9926E88}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | "{46AB5A82-4588-405A-9DDE-4BB4D087FA6D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{46E40890-0C53-4843-8342-3A120D1D2E09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{48E38484-8700-4492-B3FA-26F1CB5A7C45}" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe | "{4994DD01-D25E-4339-A6DF-521A2006F36B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{4A6D2F75-5BD7-43B4-831D-C90322365B9B}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{4A9E2CF3-1C15-432D-8CCB-BCF6BB19EFA1}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{4AAAB31C-FA8B-4C2B-AE8E-3FB459FD6041}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4D8EDF21-3EF6-487D-9F6C-30461297DEC6}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{4F3B3071-CF6B-47C7-93E0-90BF32567FEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5026DB92-5104-431E-93BC-03DC112F6725}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{531C7111-AB87-47DF-874C-EF8046D7CC84}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{5743F487-EB0C-4355-8C91-9726F6DD4D10}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs26c7\hpdiagnosticcoreui.exe | "{58622BE3-03EA-492D-A007-C5A79F030D69}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | "{5C910534-58F3-4550-9DF2-9FCA29754D8E}" = protocol=17 | dir=in | 
app=c:\program files (x86)\opera\opera.exe | "{5D4F290B-EC7C-4DDC-89F9-3D05206CC7F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{5D826675-C678-42C0-AF3B-E938EBE36E79}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{60A977FB-C241-459F-9546-FD2B06310040}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | "{60DD1E2C-F626-49B0-90D9-15736FAF1287}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | "{63475F2C-8343-4C9E-BE90-F60FD1CD1557}" = protocol=17 | dir=in | name=zocken | "{642B1889-49C8-40CF-97EE-089AF8A0C813}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{64869499-562A-4C91-BF40-76344349FD70}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | "{6512BC90-4D56-410E-A8E8-2D7B759A5CCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{656298B3-9AB7-4CF6-94E4-40983003D307}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{664DB5AF-3701-497C-8414-5898AFFFBDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{6773FEB2-47DC-4881-9E09-58419FEF8D69}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{6779C479-E9F3-4B34-B264-EB606FBA48BA}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{67CBAD91-EA01-4B71-AD52-B4A8C086C2F9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6B33B6D2-5750-4548-A41F-8EEAB0F92EAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | "{6CE2A79B-D974-4CCD-837D-79E337DBDB07}" = protocol=6 | dir=in | app=c:\ut2003\system\ut2003.exe | "{6D9C795C-1172-4446-9647-0E57950C8F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic 
arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | "{6F4A272E-4BB9-41CB-89AD-D4AA103C9289}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{728E0042-26F1-4788-8F2D-90AC4A2D5A63}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{732B1900-88F2-4BFD-906F-B8BD0F8D6FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | "{7472B5E3-2479-4759-9230-BDF10F553B60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{75B52D6A-CF00-4114-A2CA-8F60908AB3B6}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{7642931F-6BDA-42A5-AF9E-67F1E0B772FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{7A7F6B6D-FBEB-4F22-9578-430E09305CDA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{7C5ACC92-B5BB-4626-8897-CB77E0605C48}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{7E618E26-7CEE-40A1-9762-0F0DE9F90309}" = protocol=6 | dir=in | app=c:\program files (x86)\searchresults1\dtuser.exe | "{7F9468F3-60DD-46FC-90B2-84A9ECF67A41}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe | "{804BB11D-FD6C-4A70-AD77-7B30F222AF27}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | "{818390E4-7510-4086-BA12-BCE1E4D0445E}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{81E1A3B9-DCC2-4DA2-91A7-49681EDDA031}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{84887386-AACC-4D50-BB28-888F42E57DFF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{86395B01-602A-40D0-999E-9DA6BEB71E65}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | "{87AE9004-1EE3-44E2-8BA5-F7C31579BC41}" = 
protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{8964F503-B02A-4F32-B621-B6CF43AAE595}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | "{89AC2EA1-7A52-47BC-9BB2-B93213521E0D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{89DCEE35-DEE1-40E9-BA7A-9A52CC5E6499}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{8CBB9FF0-FAED-452F-9DCC-0B17B638C40C}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | "{8D623C7F-EADB-4CA2-B361-A68E7D5F0B17}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8FFF90E9-A2CC-42AB-8E00-9CECB70A58B6}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{91CE6831-FF4D-40E1-BEAD-1BE12936A9C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{923F8F2A-46E6-4770-B1F9-DDC91B90D8B2}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | "{960C7B31-CBD1-4DF4-8685-E31C2605E8BF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{971CBD72-9BEB-4A1A-9C8C-7119C453D17B}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "{97B9E976-843D-4472-AF62-92BECF808665}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{997E4B4B-E179-4454-9BDD-0385E1A84013}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{9C3C13B9-8A22-485D-A482-69D386E8C3D9}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{9E8266B1-D7CE-4AA3-B724-4CB9B86D6F43}" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe | "{A02DEF4C-2BA9-4293-AE46-1892E255B0DC}" = 
dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "{A37B4E2B-BF49-4E02-B780-648E756B3E64}" = protocol=6 | dir=in | app=c:\users\***\desktop\psp downloads\fraps_3.2.7_cracked.rar_downloader_224.exe | "{A456435A-94B5-4330-AC73-4D6034632BA3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A565DA8B-4F3D-4F28-96F2-B5CA9106C157}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{A5A33D80-BA89-4D27-A928-CBD77E661CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\yolobartb\dtuser.exe | "{A5C68652-EC70-40C2-BE1D-EEB4BC7109AA}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{A8B21A0B-A405-437C-B3C8-E291AAA56553}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | "{AA14F258-8ED4-4FB0-ADA7-23EC5E527148}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | "{AAA914B5-D73F-43C0-9BEF-FD7B68CB74B6}" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\remoterserver.exe | "{AAC39919-C4B7-484C-AF63-DB35EB74F6F8}" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\remoterserver.exe | "{AB52B01C-8BF9-4B72-BC3C-E0EEE6B715BD}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{AC7702F9-65E4-4AFA-A867-899B0634EDD1}" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe | "{AD90095D-6DBC-4CDC-9DF9-43E6A5309B5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | "{B0440CB9-DB97-405D-9FA4-2EAF34179D62}" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe | "{B08C8F4F-DDCD-429E-A1B0-6BD3AF969D70}" = protocol=6 | dir=in | app=c:\program files 
(x86)\teamviewer\version6\teamviewer_service.exe | "{B0F471E7-CD73-4705-B43B-6CD8D5B0D63C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B226CFA3-2547-44B3-9678-AA8D66B5558A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B3CFACE5-B0E6-4531-980D-CEFDF81B15FC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | "{B7B9E744-9317-4E7E-BF96-F1E87B6F2A5D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{B92C74A5-9344-4781-810E-71506E0D27AE}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{BDA00DBC-6FC2-4A14-80A1-60240941754B}" = protocol=6 | dir=in | name=zocken | "{BEFEDCAF-DF10-4F3B-AD71-56AD58F1C512}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{BF263C51-4BE7-4D99-AEDC-1AB9AAF8CD43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C0F3F689-53CC-47D4-8F77-50EEB8DEFBBE}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{C208C86C-2CB4-421B-B3C7-BB622EBAD422}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C3973B12-1542-4ABD-A069-14044E7EFE2B}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{C6C031B7-F767-4931-99AA-D2626FE8BE7E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{C7E3B2D6-E253-42AB-B558-8CA3AA164A63}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{CC7EB5AA-9984-4A34-8484-426A1B30B990}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | "{CCBB237C-067D-4B12-8189-D15E94F6F249}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | "{D0DBA80F-8D3A-4555-B369-E56516C7E7B3}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly 
studios\stronghold 2\stronghold2.exe | "{D1AEE8BC-DCEE-4FE9-A971-9E72DF162063}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D31A0FED-5493-4E14-81F3-43D8B1500CD0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D6A8DC79-29C3-4C04-AB56-BA10F0354852}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{D6BA0273-0BE8-481B-9423-00CEA01AADA2}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{D80196B7-DDE2-486F-BF5D-CECEA574F4A9}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | "{DA6C1B43-41B5-47E5-8E9E-2C5E6DE40CB8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DAC73158-056B-49FA-90D5-009DCC670914}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{DE5320F3-2B7D-4D39-A91A-BDACD09AA1F3}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{DEFCBB80-8AE6-4A15-9771-409F8B8663FE}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{E07BF2AE-3F15-4C47-ACFC-5919F03FD7EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E0C589FC-6489-4426-97FD-82BDE0A93F67}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{E243B444-1728-4E9C-B1BC-00EE24A6D3B4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{E62B2C2B-8388-43BE-8B14-8532D678B80F}" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe | "{E6A0CE8A-6EFD-4C57-AC0D-B548CC3DB923}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{ECFD596E-A397-458E-B6D6-C3E19CB6F582}" = protocol=17 | dir=in | app=c:\users\***\desktop\psp downloads\fraps_3.2.7_cracked.rar_downloader_224.exe | "{EE673B7B-4ED7-4A8C-AD04-40B197BBC920}" = protocol=17 | dir=in | 
app=c:\users\***\appdata\local\temp\7zs26c7\hpdiagnosticcoreui.exe | "{F00E0BC6-30DC-49DD-BFF9-52DB4D34DDE2}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{F242B751-402C-4F51-8AA3-F1519D080566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F2EE4689-1DE7-4163-9E76-661C96B90D60}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{F5900B3D-A93F-4885-A237-36E9625215CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | "{F817A408-C350-4601-9CF7-93F1EA37A40F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{FB12187C-5E61-4870-B30E-CF60C9C36222}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{FB340566-F69C-4795-BE6F-2AEAB4346B9C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{FBCE5C6A-495E-439C-97FE-CFC71F72E757}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{FE15255F-2CB1-4848-A225-025C9A31DCFA}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{FF2FE898-F5DF-4455-9E08-D0612284A06D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{037F3810-97AC-4D09-9146-E900E16472B5}C:\program files (x86)\EA GAMES\MOHAA\MOHAA.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mohaa\mohaa.exe | "TCP Query User{0F47986B-7D53-454E-A08E-BEECE4C7DEF0}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | "TCP Query User{11B5460D-13A6-46CB-B5DB-13CEE44476A3}C:\users\***\desktop\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | "TCP Query 
User{15C2930D-DBC1-46FB-AD13-DD0B7889C54E}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | "TCP Query User{181B06D7-652D-4919-A812-A993B16FA4EC}C:\users\***\desktop\ds lan\dslan_v1.4\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\ds lan\dslan_v1.4\apache\bin\apache.exe | "TCP Query User{1B66A262-0063-44F8-AE01-4A19BF6B5570}C:\users\***\desktop\donatello\ds lan\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\ds lan\dslan_v1.4\mysql\bin\mysqld.exe | "TCP Query User{3FAB9B30-D46F-447C-ADFB-9C31A52EABF1}C:\program files (x86)\nokia\phoenix\phoenix.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\phoenix\phoenix.exe | "TCP Query User{42E9657A-BCC2-42E4-BD45-187F094203F2}C:\program files (x86)\firefly studios\stronghold\stronghold.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | "TCP Query User{4954E624-AD16-4C6B-A24C-6541F862AA8D}C:\users\***\desktop\donatello\ds lan\dslan_v1.4\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\ds lan\dslan_v1.4\apache\bin\apache.exe | "TCP Query User{54639BA4-701E-4D86-9879-A0717856EA5E}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "TCP Query User{5F41DED8-091F-4E45-B71F-8CB4457E8670}C:\users\***\desktop\teeworlds 0.6.1\teeworlds_srv_race.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\teeworlds 0.6.1\teeworlds_srv_race.exe | "TCP Query User{62B7108A-D17A-418D-A347-22CC166EBBCB}C:\program files (x86)\umair cheema\wificheema server\wificheema.exe" = protocol=6 | dir=in | app=c:\program files (x86)\umair cheema\wificheema server\wificheema.exe | "TCP Query 
User{64C95A7C-43F1-4EC9-ABDC-E54A6753469D}C:\users\***\desktop\donatello\remoterserver.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\remoterserver.exe |
"TCP Query User{6DFCF6C4-56DC-4C7C-85AC-563F55F2FAB5}C:\ijji\english\ava\binaries\ava.exe" = protocol=6 | dir=in | app=c:\ijji\english\ava\binaries\ava.exe |
"TCP Query User{6E424A66-ED67-4323-B7A7-7F278C789A0E}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{6F37CA64-AB55-43FA-99DA-7E58FCF741D2}C:\users\***\desktop\dslan_v1.4\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\dslan_v1.4\apache\bin\apache.exe |
"TCP Query User{707C433C-9C49-4D94-B0D0-2611043011B1}C:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe |
"TCP Query User{72FD2108-7921-429B-A50D-ED8DC8966952}C:\program files (x86)\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"TCP Query User{792F3C80-2E39-4D33-A32F-4565ABEDFB06}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{7C7BC321-5B48-4E4B-B728-104FA3800683}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe |
"TCP Query User{8680A18E-8D5B-45D5-9655-E954A7F15274}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{9161A1FC-4EE1-4A0A-9B94-9E2F38632360}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe |
"TCP Query User{93DA27B2-ACAE-43FC-B0AD-B8F067B5B1E3}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"TCP Query User{9481DBAD-97B9-4BBE-8A88-1BFDBAD353F5}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe |
"TCP Query User{9FA7B12F-E4DF-4541-8624-C8FC488C0102}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe |
"TCP Query User{A2AB8B44-42EE-4A1F-94FF-8D823EF1BE24}C:\program files (x86)\activision\blur(tm)\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe |
"TCP Query User{A50726DE-B94B-4616-994C-059E33CB3A86}C:\users\***\desktop\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\dslan_v1.4\mysql\bin\mysqld.exe |
"TCP Query User{A76DCD6F-276B-4447-B358-DD738DB7FC7C}C:\program files (x86)\common files\nokia\fuse\fuse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuse.exe |
"TCP Query User{A8CC5452-0A4C-41FC-A2B7-0015C33A8F2E}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuseservice.exe |
"TCP Query User{AD54D6AC-FEB3-405A-B384-58912983A6E0}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"TCP Query User{BA0E8641-E5D0-4410-9504-22BA9D183379}C:\ut2003\system\ut2003.exe" = protocol=6 | dir=in | app=c:\ut2003\system\ut2003.exe |
"TCP Query User{C4E3A0CD-110D-464F-84DA-C05F828CE10E}C:\users\***\desktop\ds lan\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\ds lan\dslan_v1.4\mysql\bin\mysqld.exe |
"TCP Query User{CD47E5B5-E70A-4B28-A3AD-D725527F4797}C:\program files (x86)\odeon\jaf\jcop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\odeon\jaf\jcop.exe |
"TCP Query User{D1E8FFB0-0172-402B-9F0A-3E148CD42D53}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{D8066E2F-D2FC-4E6F-9163-50DE6A287585}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe |
"TCP Query User{D8934F5F-6008-402A-815B-E1A348C2C8B7}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe |
"TCP Query User{DA938E9A-19E9-4CC4-A723-2EC0F632A8C8}C:\users\***\desktop\donatello\mine edit\launchserver.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\mine edit\launchserver.exe |
"TCP Query User{DABF8F5E-56DC-4B25-B298-77FCE12CA684}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{DDE22C2F-53E9-4249-9A20-F85C5120763A}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{E8633728-97C0-4B34-8138-2E9366755E0A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{EF7D5428-8B81-42F5-8CFA-FBBF3E337DAF}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{F0C5DEC1-574B-4B61-8B3A-1CFFF773D29D}C:\users\***\desktop\michelangelos spiele\cod1\codmp.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\michelangelos spiele\cod1\codmp.exe |
"TCP Query User{F6ED4BB9-1926-475A-934B-EDA02EC4874F}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe |
"TCP Query User{FD8A1007-BFA1-45CE-975D-53DF51EF29E6}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe |
"UDP Query User{0550ECC8-C9E8-4B9B-9D23-FC0B07987F7F}C:\users\***\desktop\ds lan\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\ds lan\dslan_v1.4\mysql\bin\mysqld.exe |
"UDP Query User{05C79013-E0DE-4DB9-B820-C82AFD71EC29}C:\users\***\desktop\teeworlds 0.6.1\teeworlds_srv_race.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\teeworlds 0.6.1\teeworlds_srv_race.exe |
"UDP Query User{0C1FA51D-5401-4B81-8E40-13E24B1F0E1A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{0E8C3072-4A1B-4741-9B58-15023B62E1F5}C:\program files (x86)\EA GAMES\MOHAA\MOHAA.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mohaa\mohaa.exe |
"UDP Query User{16BDC9E1-BD8D-4542-8582-BAC08E8D9647}C:\users\***\desktop\donatello\remoterserver.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\remoterserver.exe |
"UDP Query User{177A1A73-2221-409D-A644-D3C706FFE900}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe |
"UDP Query User{1EE7F49E-0CCF-4084-8963-4D8EC29D3EB0}C:\program files (x86)\umair cheema\wificheema server\wificheema.exe" = protocol=17 | dir=in | app=c:\program files (x86)\umair cheema\wificheema server\wificheema.exe |
"UDP Query User{28AA5427-44FF-4D7A-8535-544B089449A1}C:\program files (x86)\nokia\phoenix\phoenix.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\phoenix\phoenix.exe |
"UDP Query User{2C1FC9C5-AA0F-4071-9C7C-8781B2E05D61}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{2E1302F3-8929-454F-A884-59F234162B5F}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{39089306-ADCA-4060-969B-DA15C5BC2C64}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{3D098275-7BBB-4685-8CEB-694656A28C19}C:\program files (x86)\odeon\jaf\jcop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\odeon\jaf\jcop.exe |
"UDP Query User{4451ED89-4382-499D-A723-9487489ADF1B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{4B198F47-D0B5-4679-BAE9-23B2ADC54D3B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{50E0ABDA-9586-422C-8D45-EB170EF58EEB}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{5561545B-6191-4DC3-9EF0-F528E14B24E4}C:\program files (x86)\firefly studios\stronghold\stronghold.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe |
"UDP Query User{58BCBFA7-6B2E-4F7C-8DFC-7D49C505D7A3}C:\users\***\desktop\donatello\mine edit\launchserver.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\mine edit\launchserver.exe |
"UDP Query User{61816FD8-3CF9-40F1-A07E-96CC7E42E776}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuseservice.exe |
"UDP Query User{6EF3F8CD-D605-4390-AAC9-98506B1586CA}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe |
"UDP Query User{73CE6918-3A7B-4A7C-95AF-3D3F8C101868}C:\users\***\desktop\dslan_v1.4\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dslan_v1.4\apache\bin\apache.exe |
"UDP Query User{7CF05CDF-5A85-4194-98FD-A62B2AD18D82}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{7FD31B02-239C-48EE-8FE5-CEB581321596}C:\users\***\desktop\donatello\ds lan\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\ds lan\dslan_v1.4\mysql\bin\mysqld.exe |
"UDP Query User{87031836-62AC-4C99-8669-7BAE5BECA0C3}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"UDP Query User{8C0F8E54-DEC4-4C1A-8BD3-09EAE05B8C7B}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe |
"UDP Query User{8F682941-F8B1-471B-B238-ADAEBC43E25B}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe |
"UDP Query User{96FC5691-E0C2-4E23-901A-1BE5E429D49C}C:\users\***\desktop\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dslan_v1.4\mysql\bin\mysqld.exe |
"UDP Query User{98E37BB0-7119-4809-802E-27147CB24465}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{99AB2215-AF6F-4E70-B0FC-81FC07930E32}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin |
"UDP Query User{9F51E872-5FE0-46BA-8C9B-3FED57ED929A}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe |
"UDP Query User{AB6EEBA9-1303-47C8-AB53-64A3D8F11F8F}C:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe |
"UDP Query User{AF9C627C-AB64-4D62-A433-1126F5BEEB06}C:\users\***\desktop\donatello\ds lan\dslan_v1.4\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\ds lan\dslan_v1.4\apache\bin\apache.exe |
"UDP Query User{B242686C-E4B9-458F-9C60-5B47EB9657A4}C:\users\***\desktop\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe |
"UDP Query User{B54128DC-18C2-4B31-9BBA-9B66424E9954}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"UDP Query User{BDD5C000-D546-421B-8416-E28B4BF1E670}C:\users\***\desktop\ds lan\dslan_v1.4\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\ds lan\dslan_v1.4\apache\bin\apache.exe |
"UDP Query User{BEE5EFE3-8798-4749-BB5B-D6071B65DB51}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe |
"UDP Query User{CBC65FC8-FA70-493B-AB6B-062286908782}C:\ut2003\system\ut2003.exe" = protocol=17 | dir=in | app=c:\ut2003\system\ut2003.exe |
"UDP Query User{D0C09398-BE97-498C-8404-FEBD3106EAC4}C:\program files (x86)\common files\nokia\fuse\fuse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuse.exe |
"UDP Query User{D453B923-AAB9-4329-8ADD-791BE131CF61}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{DAABB33E-3D76-48E8-98D3-C3708CF71AFF}C:\ijji\english\ava\binaries\ava.exe" = protocol=17 | dir=in | app=c:\ijji\english\ava\binaries\ava.exe |
"UDP Query User{EA4B7F14-6305-453B-8C09-3C983DF35CEE}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{F03C890E-D3AF-4835-A416-83209F4AF87E}C:\users\***\desktop\michelangelos spiele\cod1\codmp.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\michelangelos spiele\cod1\codmp.exe |
"UDP Query User{F04BF92F-47EC-4ACD-A3E4-08E2795E27D5}C:\program files (x86)\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"UDP Query User{F110C5C0-4B06-43CF-B420-07AE09E92130}C:\program files (x86)\activision\blur(tm)\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe |
"UDP Query User{F1C0F384-53AB-4D11-8F0E-4316B4C0BD6D}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.05
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B099E941-4789-46A1-9B14-01CFD04E03B3}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"WinGimp-2.0_is1" = GIMP 2.6.8

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0AFECCA6-61A0-409F-9205-67613984209D}" = Multimedia Card Reader
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD935EA-AA51-4271-8668-F64F34D67CD7}" = Phoenix Service Software
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3800E4B7-3457-42D9-B22D-2CBAAAEDF0A1}" = IObit Toolbar v7.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"{57BC1FEB-421D-469C-B07B-C8095596A224}" = XLink Kai
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7E44C354-10A8-4214-9C56-F3F00775E415}_is1" = Stykz for Windows 1.0.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B18BDF00-5F0B-4A99-8CA1-635C5105C279}" = HomebrewStore Downloader
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2B4C2B-0805-4E06-873D-CECB046A5BE8}" = Camtasia Studio 8
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD023A2B-43ED-40C0-8254-794555CDBBC1}" = WiFiCheema Server
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Sitecom Wireless Network USB Adapter Turbo G WL-172
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"Akamai" = Akamai NetSession Interface Service
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"ArmA2" = ArmA2 Uninstall
"Audacity_is1" = Audacity 2.0.2
"Audiosurf_is1" = Audiosurf Beta
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BattlEye" = BattlEye Uninstall
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"BrowserCompanion" = BrowserCompanion
"claro" = Claro LTD toolbar on IE
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealPly" = DealPly
"DealScout" = DealScout for Internet Explorer
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Everything" = Everything 1.2.1.371
"express-files Toolbar" = express-files Toolbar
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Screen To Video_is1" = Free Screen To Video V 2.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"Game Cam" = Game Cam 2.6.1.0
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"Half-Life_is1" = Half-Life
"HP Photo Creations" = HP Photo Creations
"HyperCam 2" = HyperCam 2
"Hyperionics DB Toolbar" = Hyperionics DB Toolbar
"ICQToolbar" = ICQ Toolbar
"Inkscape" = Inkscape 0.48.2
"InnoGames Toolbar" = InnoGames Toolbar
"InstallShield_{0AFECCA6-61A0-409F-9205-67613984209D}" = Multimedia Card Reader
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Intel AppUp(SM) center 29342" = Intel AppUp(SM) center
"InterActual Player" = InterActual Player
"IsoBuster_is1" = IsoBuster 2.3
"JAFSetup" = JAF Setup
"KaloMa_is1" = KaloMa 4.92
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"LAME_is1" = LAME v3.99.3 (for Windows)
"lmms" = LMMS 0.4.13
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.53
"Nimbuzz" = Nimbuzz 2.4.0
"NIS" = Norton Internet Security
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"NSS" = NSS (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Phoenix Service Software 2011.24.002.46258_is1" = Phoenix Service Software 2011.24.002.46258
"PhotoScape" = PhotoScape
"PricePeep" = PricePeep
"PunkBusterSvc" = PunkBuster Services
"Quick Memory Editor_is1" = Quick Memory Editor 5.7
"RealPlayer 15.0" = RealPlayer
"RealPlayer 16.0" = RealPlayer
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"San Andreas Mod Installer1.0" = San Andreas Mod Installer
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 417 MediaBar" = Windows Searchqu Toolbar
"searchresults1" = Search Results Toolbar
"Security Task Manager" = Security Task Manager 1.8g
"Softonic-de Toolbar" = Softonic-de Toolbar
"SpeedFan" = SpeedFan (remove only)
"Steam App 440" = Team Fortress 2
"Steam App 47400" = Stronghold 3
"StepMania" = StepMania (remove only)
"Synthesia" = Synthesia
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"UT2003" = Unreal Tournament 2003
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinArchiver" = WinArchiver
"WinLiveSuite" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.8.3 (64-bit)
"yolobartb" = Yolobar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"ExpressFiles" = ExpressFiles
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.04.2013 07:07:58 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 25.04.2013 06:39:42 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 25.04.2013 13:14:22 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 25.04.2013 14:42:14 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 26.04.2013 14:17:03 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 27.04.2013 10:06:01 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 28.04.2013 06:07:55 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 28.04.2013 06:51:07 | Computer Name = Donatello-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SplinterCell4.exe, Version: 0.0.0.0, Zeitstempel: 0x4539e082 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xba04c083 ID des fehlerhaften Prozesses: 0x17f8 Startzeit der fehlerhaften Anwendung: 0x01ce43fccef6b203 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\system\SplinterCell4.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8714cf60-aff1-11e2-bf89-1c6f6545c13a

Error - 29.04.2013 11:34:13 | Computer Name = Donatello-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\Donatello\SoftonicDownloader_fuer_free-screen-to-video.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 29.04.2013 11:34:16 | Computer Name = Donatello-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\Donatello\SoftonicDownloader_fuer_audiosurf.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ Media Center Events ]
Error - 20.12.2011 09:38:58 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:38:53 - Fehler beim Herstellen der Internetverbindung. 14:38:53 - Serververbindung konnte nicht hergestellt werden..

Error - 21.12.2011 12:26:49 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:26:49 - Fehler beim Herstellen der Internetverbindung. 17:26:49 - Serververbindung konnte nicht hergestellt werden..

Error - 21.12.2011 12:26:57 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:26:54 - Fehler beim Herstellen der Internetverbindung. 17:26:54 - Serververbindung konnte nicht hergestellt werden..

Error - 22.12.2011 11:06:07 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:06:07 - Fehler beim Herstellen der Internetverbindung. 16:06:07 - Serververbindung konnte nicht hergestellt werden..

Error - 22.12.2011 11:06:30 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:06:14 - Fehler beim Herstellen der Internetverbindung. 16:06:14 - Serververbindung konnte nicht hergestellt werden..
Error - 23.12.2011 04:41:35 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 09:41:35 - Fehler beim Herstellen der Internetverbindung. 09:41:35 - Serververbindung konnte nicht hergestellt werden.. Error - 23.12.2011 04:41:43 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 09:41:40 - Fehler beim Herstellen der Internetverbindung. 09:41:40 - Serververbindung konnte nicht hergestellt werden.. Error - 24.12.2011 11:13:24 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 16:13:24 - Fehler beim Herstellen der Internetverbindung. 16:13:24 - Serververbindung konnte nicht hergestellt werden.. Error - 24.12.2011 11:13:33 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 16:13:30 - Fehler beim Herstellen der Internetverbindung. 16:13:30 - Serververbindung konnte nicht hergestellt werden.. Error - 26.12.2011 19:09:58 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 00:09:53 - Fehler beim Herstellen der Internetverbindung. 00:09:53 - Serververbindung konnte nicht hergestellt werden.. 
[ NetLimiter 3 Events ] Error - 09.01.2013 14:41:53 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired Error - 10.01.2013 12:03:40 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired Error - 10.01.2013 13:27:07 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired Error - 11.01.2013 10:03:58 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired Error - 11.01.2013 12:30:12 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired Error - 11.01.2013 12:45:27 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired Error - 12.01.2013 09:03:16 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired Error - 13.01.2013 07:50:23 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired Error - 14.01.2013 15:20:56 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired Error - 19.01.2013 15:46:46 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000 Description = Registration or trial period expired [ System Events ] Error - 25.04.2013 06:21:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Yontoo Desktop Updater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 25.04.2013 08:54:17 | Computer Name = ***-PC | Source = bowser | ID = 8003 Description = Error - 26.04.2013 13:39:17 | Computer Name = ***-PC | Source = bowser | ID = 8003 Description = Error - 26.04.2013 13:42:13 | Computer Name = ***-PC | Source = bowser | ID = 
8003 Description = Error - 26.04.2013 14:12:17 | Computer Name = ***-PC | Source = bowser | ID = 8003 Description = Error - 27.04.2013 12:05:31 | Computer Name = ***-PC | Source = bowser | ID = 8003 Description = Error - 27.04.2013 12:29:34 | Computer Name = ***-PC | Source = bowser | ID = 8003 Description = Error - 29.04.2013 07:16:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7043 Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 29.04.2013 07:19:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Yontoo Desktop Updater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 29.04.2013 12:44:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Yontoo Desktop Updater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-30 15:46:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AG0 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\fxtiruoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800039f3000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800039f302f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\windows\SysWOW64\svchost.exe[1456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76] .text C:\windows\SysWOW64\svchost.exe[1456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76] .text ... * 2 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1500] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000758f87b1 5 bytes [33, C0, C2, 04, 00] .text C:\Users\***\AppData\Local\Akamai\netsession_win.exe[3860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76] .text C:\Users\***\AppData\Local\Akamai\netsession_win.exe[3860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76] .text ... * 2 .text C:\Users\***\Desktop\gmer_2.1.19163.exe[6836] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76] .text C:\Users\***\Desktop\gmer_2.1.19163.exe[6836] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76] .text ... 
* 2 ---- Threads - GMER 2.1 ---- Thread C:\windows\System32\svchost.exe [1140:1268] 000007fefb49f2f4 Thread C:\windows\System32\svchost.exe [1140:1284] 000007fefbd36204 Thread C:\windows\System32\svchost.exe [1140:1532] 000007fefaf45428 Thread C:\windows\System32\svchost.exe [1140:4576] 000007fefec3c608 Thread C:\windows\System32\svchost.exe [1140:1672] 000007fef5f46b8c Thread C:\windows\System32\svchost.exe [1140:4224] 000007fef5f41d88 Thread C:\windows\System32\svchost.exe [1172:1692] 000007fefa0459a0 Thread C:\windows\System32\svchost.exe [1172:1868] 000007fefd1b1a70 Thread C:\windows\System32\svchost.exe [1172:3736] 000007fef78b20c0 Thread C:\windows\System32\svchost.exe [1172:3740] 000007fef78b26a8 Thread C:\windows\System32\svchost.exe [1172:3748] 000007fef73314a0 Thread C:\windows\System32\svchost.exe [1172:4048] 000007fef6eda2b0 Thread C:\windows\System32\svchost.exe [1172:4080] 000007fef8b144e0 Thread C:\windows\System32\svchost.exe [1172:6564] 000007fef6d588f8 Thread C:\windows\System32\svchost.exe [1172:4704] 000007fef78b29dc Thread C:\windows\system32\svchost.exe [1196:1724] 000007fef9b21a50 Thread C:\windows\system32\svchost.exe [1196:3228] 000007fef7d9506c Thread C:\windows\system32\svchost.exe [1196:3236] 000007fef80d1c20 Thread C:\windows\system32\svchost.exe [1196:3240] 000007fef80d1c20 Thread C:\windows\system32\svchost.exe [1196:1252] 000007fef8f25124 Thread C:\windows\system32\svchost.exe [1196:8060] 000007fef9904164 Thread C:\windows\system32\svchost.exe [1196:5212] 000007fef00ccb70 Thread C:\windows\system32\svchost.exe [1196:5152] 000007fef9931ab0 Thread C:\windows\system32\svchost.exe [1288:1420] 000007fefb288274 Thread C:\windows\system32\svchost.exe [1288:3672] 000007fefb288274 Thread C:\windows\system32\svchost.exe [1892:1760] 000007fef94d35c0 Thread C:\windows\system32\svchost.exe [1892:3712] 000007fef94d5600 Thread C:\windows\system32\svchost.exe [1892:3992] 000007fef6f22940 Thread C:\windows\system32\svchost.exe [1892:1600] 
000007fef6aa2888 Thread C:\windows\system32\taskhost.exe [3964:2952] 000007fefb381010 Thread C:\windows\system32\taskhost.exe [3964:4592] 000007fef83a5170 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:1124] 000007fefbf92a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:5096] 000007fef098d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:1816] 000007fef098d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:1108] 000007fef8f25124 ---- EOF - GMER 2.1 ---- |
30.04.2013, 15:49 | #9 |
/// TB-Ausbilder | Taskmgr.exe and Regedit.exe have been disabled by the administrator. Hello, can you still see anything of the website at all when browsing, with all these toolbars in the browser..?
Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Scan with Combofix
Step 4 Please start OTL.exe.
In your next reply, please post:
__________________ cheers, Leo |
30.04.2013, 17:06 | #10 |
| Taskmgr.exe and Regedit.exe have been disabled by the administrator. AdwCleaner: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 30/04/2013 um 17:08:43 erstellt # Aktualisiert am 28/04/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : *** - ***-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage Datei Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage Datei Gelöscht : C:\Users\***\AppData\Local\Temp\Searchqu.ini Datei Gelöscht : C:\Users\***\AppData\Local\Temp\searchqutoolbar-manifest.xml Datei Gelöscht : C:\Users\***\AppData\Local\Temp\SetupDataMngr_Searchqu.exe Datei Gelöscht : C:\windows\SysWOW64\conduitEngine.tmp Ordner Gelöscht : C:\Program Files (x86)\Babylon Ordner Gelöscht : C:\Program Files (x86)\BrotherSoft_Extreme Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\ExpressFiles Ordner Gelöscht : C:\Program Files (x86)\Free Offers from Freeze.com Ordner Gelöscht : C:\Program Files (x86)\FunWebProducts Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar Ordner Gelöscht : C:\Program Files (x86)\InnoGames Ordner Gelöscht : C:\Program Files (x86)\SearchCore for Browsers Ordner Gelöscht : C:\Program Files (x86)\SweetIM Ordner Gelöscht : C:\Program Files (x86)\Windows Searchqu Toolbar Ordner Gelöscht : C:\Program 
Files\Babylon Ordner Gelöscht : C:\ProgramData\Anti-phishing Domain Advisor Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\ProgramData\yolobartb Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit Ordner Gelöscht : C:\Users\***\AppData\Local\ConduitEngine Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk Ordner Gelöscht : C:\Users\***\AppData\Local\Minibar Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\{94366e2c-9923-431c-b0d6-747447dd0f2b} Ordner Gelöscht : C:\Users\***\AppData\Local\yolobartb Ordner Gelöscht : C:\Users\***\AppData\LocalLow\BrotherSoft_Extreme Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\***\AppData\LocalLow\InnoGames Ordner Gelöscht : C:\Users\***\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\***\AppData\LocalLow\searchresultstb Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Toolbar4 Ordner Gelöscht : C:\Users\***\AppData\Roaming\BrowserCompanion Ordner Gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\***\AppData\Roaming\ExpressFiles Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\CT2682599 
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677} Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\jetpack Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\Smartbar Ordner Gelöscht : C:\Users\***\AppData\Roaming\PriceGong Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\ExpressFiles Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\***\AppData\Roaming\ExpressFiles ***** [Registrierungsdatenbank] ***** Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll Schlüssel Gelöscht : HKCU\Software\APN DTX Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BrotherSoft_Extreme Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\InnoGames Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\Blabbers Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\ExpressFiles Schlüssel Gelöscht : HKCU\Software\Installer Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51A86BB3-6602-4C85-92A5-130EE4864F13} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51A86BB3-6602-4C85-92A5-130EE4864F13} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEE88B81-C2FB-4733-A826-88CB0A67FB61} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles Schlüssel Gelöscht : HKCU\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Somoto Toolbar Schlüssel Gelöscht : HKCU\Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} Schlüssel Gelöscht : HKCU\Software\SMTTB2009 Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\Software\BrotherSoft_Extreme Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009.3 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2009772 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2682599 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2776682 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3176921 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\ExpressFiles Schlüssel Gelöscht : HKLM\Software\Freeze.com Schlüssel Gelöscht : HKLM\Software\FunWebProducts Schlüssel Gelöscht : 
HKLM\Software\InnoGames Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4FBEF84-2499-4B5C-A00D-CB0756DB7A3F} Schlüssel Gelöscht : HKLM\Software\Minibar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4FBEF84-2499-4B5C-A00D-CB0756DB7A3F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2832C073-4123-4E67-8BFF-09222A4955A1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet 
########## EOF - C:\AdwCleaner[S1].txt - [35130 octets] ########## |
30.04.2013, 17:06 | #11 |
| Taskmgr.exe and Regedit.exe were disabled by the administrator. OTL: Code:
HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data] IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\..\SearchScopes\{8B8F841D-FD9F-446C-B2C0-F7D848F86F9C}: "URL" = hxxp://www.bing.com/search?FORM=MNMTDF&PC=MANM&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\..\SearchScopes\{9F3CE6DD-69A6-4470-8115-321F3EAF8250}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1010\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..extensions.enabledAddons: %7B26DDE423-F085-4b2d-893B-BF98C9FAD0CF%7D:1.4 FF - prefs.js..extensions.enabledAddons: info%40convert2mp3.net:2.2 FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: %7BC3949AC2-4B17-43ee-B4F1-D26B9D42404D%7D:15.0.5 FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1 FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8 FF - prefs.js..extensions.enabledAddons: 
youtubeunblocker%40unblocker.yt:0.4.2 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows 
Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Antonio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antonio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Antonio\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.19 13:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.07.28 13:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.04.30 17:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.11 19:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.03.24 18:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.03.24 18:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.30 17:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:45:07 | 000,000,000 | ---D | M]
[2013.04.30 17:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Extensions
[2013.04.30 17:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions
[2012.12.18 15:31:48 | 000,000,000 | ---D | M] (Online video Converter) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{26DDE423-F085-4b2d-893B-BF98C9FAD0CF}
[2013.02.21 13:35:43 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\exif_viewer@mozilla.doslash.org.xpi
[2013.01.20 14:26:26 | 000,043,066 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\info@convert2mp3.net.xpi
[2013.04.26 20:01:10 | 000,658,566 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
[2013.04.16 19:33:53 | 000,382,710 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\jid1-aPwS0JCl36iLkQ@jetpack.xpi
[2013.04.15 14:48:01 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.03.24 18:39:40 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.14 16:21:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.21 13:10:15 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.02.28 19:06:02 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.04.14 12:11:31 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013.04.30 17:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.07.11 19:28:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013.03.24 18:35:18 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.04.12 13:45:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2013.03.24 18:34:22 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.28 14:04:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 17:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.28 14:04:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.28 14:04:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.30 23:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
[2012.02.28 14:04:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.28 14:04:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Plus! Network (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: AppUp (Enabled) = C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Antonio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Antonio\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Antonio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IClaro = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\
CHR - Extension: RealDownloader = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Norton Identity Protection = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: ICQ Sparberater = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.2.662_0\
CHR - Extension: Google Mail = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Docs = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IClaro = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\
CHR - Extension: RealDownloader = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Norton Identity Protection = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: ICQ Sparberater = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.2.662_0\
CHR - Extension: Google Mail = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.04.30 17:40:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snp2uvc] C:\windows\vsnp2uvc.exe File not found O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WAHELPER.EXE] C:\Program Files (x86)\WinArchiver\WAHELPER.EXE (Power Software Ltd) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001..\Run: [Akamai NetSession Interface] C:\Users\Antonio\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-694020154-2073930874-1152709320-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-694020154-2073930874-1152709320-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - 
HKU\S-1-5-21-694020154-2073930874-1152709320-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antonio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antonio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACC33D24-B72F-4CE3-B4FE-3ECF51F39C7C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.30 17:46:57 | 000,000,000 | ---D | C] -- C:\windows\temp [2013.04.30 17:40:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.04.30 17:22:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.04.30 17:22:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.04.30 17:22:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.04.30 17:21:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.30 17:21:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.04.30 16:57:14 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.04.30 16:50:07 | 005,061,928 | R--- | C] (Swearware) -- 
C:\Users\Antonio\Desktop\ComboFix.exe [2013.04.29 21:51:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Antonio\Desktop\OTL.exe [2013.04.29 19:08:21 | 003,980,324 | ---- | C] (Phrozen ® Software 2012. ) -- C:\Users\Antonio\Desktop\PhrozenKeyloggerLite1-0R2_setup.exe [2013.04.29 19:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.04.29 19:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.04.29 19:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2013.04.29 19:00:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Antonio\Desktop\HijackThis.exe [2013.04.28 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PhrozenSoft [2013.04.28 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite [2013.04.28 11:01:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.04.27 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.25 13:11:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix5 [2013.04.24 19:18:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Info [2013.04.24 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix4 [2013.04.24 15:28:10 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix3 [2013.04.24 14:22:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDustepMix2 [2013.04.24 14:00:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix [2013.04.22 18:48:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Skrillex [2013.04.20 16:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker [2013.04.20 16:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker [2013.04.20 16:03:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner (2) [2013.04.20 
15:55:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinArchiver [2013.04.20 15:50:23 | 000,140,184 | ---- | C] (Power Software Ltd) -- C:\windows\SysNative\drivers\waemu.sys [2013.04.20 15:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinArchiver [2013.04.20 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinArchiver [2013.04.13 09:26:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wifite [2013.04.12 13:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.08 19:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.07 21:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! [2013.04.07 16:07:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.terasology [2013.04.06 16:35:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer [2013.04.06 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Firefox Portable v.23 [2013.04.03 03:59:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Counter-Strike 1.6 - LAN [2013.04.03 00:46:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Warcraft III [2013.04.02 21:44:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DIE SIEDLER - DEdK [2013.04.01 11:53:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\PSP [9 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.30 17:50:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.04.30 17:47:55 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.30 17:47:55 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.30 17:40:23 | 
000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2013.04.30 17:40:13 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.30 17:39:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.04.30 17:38:43 | 3113,865,216 | -HS- | M] () -- C:\hiberfil.sys [2013.04.30 17:01:05 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.30 16:52:24 | 000,628,743 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.30 16:52:05 | 005,061,928 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.04.30 15:47:59 | 000,046,953 | ---- | M] () -- C:\Users\***\Desktop\Logs.rar [2013.04.30 15:16:05 | 000,001,146 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001UA.job [2013.04.30 13:48:00 | 001,652,184 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.04.30 13:48:00 | 000,710,530 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.04.30 13:48:00 | 000,664,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.04.30 13:48:00 | 000,154,462 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.04.30 13:48:00 | 000,126,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.04.29 21:54:17 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.29 21:53:00 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.29 21:52:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.29 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Antonio\Desktop\OTL.exe [2013.04.29 19:00:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Antonio\Desktop\HijackThis.exe [2013.04.29 18:16:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001Core.job [2013.04.29 17:58:42 | 005,469,414 | ---- | M] () -- C:\Users\***\Desktop\teaser-for-an-anime-tradition-episode.jpg [2013.04.28 17:29:48 | 000,000,456 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Antonio.job [2013.04.28 15:00:49 | 003,297,456 | ---- | M] () -- C:\Users\***\Desktop\RICHTER & SHOX - BEWEG DICH [HD OFFICIAL VIDEO] (LYRICS).mp3 [2013.04.26 21:45:53 | 004,143,039 | ---- | M] () -- C:\Users\***\Desktop\Wiz Khalifa - Let It Go feat. Akon NEW VIDEO 2013.mp3.mp3 [2013.04.25 18:47:28 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Express Files.lnk [2013.04.25 13:09:49 | 012,897,560 | ---- | M] () -- C:\Users\***\Desktop\MyOwnDubstepMix5.mp3 [2013.04.24 21:12:53 | 003,062,561 | ---- | M] () -- C:\Users\***\Desktop\Kollegah - Mondfinsternis (Official HD Video).mp3 [2013.04.24 13:57:30 | 000,656,973 | ---- | M] () -- C:\Users\***\Desktop\173119.jpg [2013.04.21 15:15:21 | 003,314,156 | ---- | M] () -- C:\Users\***\Desktop\AHMED - Du weißt-Kopffickerexclusive (Beat by DOPETONES and T-MAN).MP3 [2013.04.20 15:50:25 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\WinArchiver.lnk [2013.04.17 21:24:07 | 003,107,702 | ---- | M] () -- C:\Users\***\Desktop\4tune - Splash Qualifikation 2013 (prod. 
by Hookbeats & Sadikbeatz).mp3 [2013.04.17 15:28:22 | 002,375,020 | ---- | M] () -- C:\Users\***\Desktop\DER ASIATE UND DIE REIMEBUDE JULIENSÖHNE (BACKSPIN TV EXCLUSIVE).mp3 [2013.04.16 09:51:14 | 000,140,184 | ---- | M] (Power Software Ltd) -- C:\windows\SysNative\drivers\waemu.sys [2013.04.11 13:54:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2013.04.11 12:27:32 | 000,271,064 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.04.09 21:10:55 | 000,260,956 | ---- | M] () -- C:\Users\***\Desktop\FPSBild.jpg [2013.04.08 19:16:43 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite [2013.04.07 21:18:08 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk [2013.04.07 14:44:19 | 000,001,460 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2013.04.05 21:57:47 | 180,398,760 | ---- | M] () -- C:\Users\***\Desktop\Best Dubstep mix 2012 (New Free Download Songs, 2 Hours, Complete playlist, High audio quality).MP3 [2013.04.05 20:32:26 | 002,389,648 | ---- | M] () -- C:\Users\***\Desktop\JBB 2013 - Chosen (Qualifikation).mp3 [2013.04.04 23:07:14 | 009,562,273 | ---- | M] () -- C:\Users\***\Desktop\06 - Exochrist.mp3 [2013.04.03 03:07:08 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf [2013.04.03 03:07:08 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf [2013.04.02 21:44:17 | 000,002,823 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk [2013.04.02 21:44:17 | 000,002,823 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk [2013.04.02 21:44:16 | 000,002,694 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk [2013.04.02 15:34:35 | 003,056,711 | ---- | M] () -- C:\Users\***\Desktop\RICHTER - JULIAS BLOG [OFFICIAL VIDEO HD] 2013 (Juliensblog Diss).mp3 [2013.03.31 22:01:25 | 003,092,238 | ---- | M] () -- C:\Users\***\Desktop\JBB 2013 - Cashisclay (Qualifikation).mp3 [9 
C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.30 17:22:29 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.04.30 17:22:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.04.30 17:22:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.04.30 17:22:29 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.04.30 17:22:29 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.04.30 16:52:19 | 000,628,743 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.30 15:47:59 | 000,046,953 | ---- | C] () -- C:\Users\***\Desktop\Logs.rar [2013.04.29 21:54:17 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.29 21:52:53 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.29 21:52:49 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.29 17:57:49 | 005,469,414 | ---- | C] () -- C:\Users\***\Desktop\teaser-for-an-anime-tradition-episode.jpg [2013.04.28 15:00:40 | 003,297,456 | ---- | C] () -- C:\Users\***\Desktop\RICHTER & SHOX - BEWEG DICH [HD OFFICIAL VIDEO] (LYRICS).mp3 [2013.04.26 21:45:36 | 004,143,039 | ---- | C] () -- C:\Users\***\Desktop\Wiz Khalifa - Let It Go feat. 
Akon NEW VIDEO 2013.mp3.mp3 [2013.04.25 13:09:14 | 012,897,560 | ---- | C] () -- C:\Users\***\Desktop\MyOwnDubstepMix5.mp3 [2013.04.24 21:04:41 | 003,062,561 | ---- | C] () -- C:\Users\***\Desktop\Kollegah - Mondfinsternis (Official HD Video).mp3 [2013.04.24 13:57:28 | 000,656,973 | ---- | C] () -- C:\Users\***\Desktop\173119.jpg [2013.04.21 15:14:49 | 003,314,156 | ---- | C] () -- C:\Users\***\Desktop\AHMED - Du weißt-Kopffickerexclusive (Beat by DOPETONES and T-MAN).MP3 [2013.04.20 19:37:16 | 006,410,985 | ---- | C] () -- C:\Users\***\Desktop\matryoshka.mp3 [2013.04.20 15:50:25 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\WinArchiver.lnk [2013.04.17 21:23:54 | 003,107,702 | ---- | C] () -- C:\Users\***\Desktop\4tune - Splash Qualifikation 2013 (prod. by Hookbeats & Sadikbeatz).mp3 [2013.04.17 15:28:15 | 002,375,020 | ---- | C] () -- C:\Users\***\Desktop\DER ASIATE UND DIE REIMEBUDE JULIENSÖHNE (BACKSPIN TV EXCLUSIVE).mp3 [2013.04.11 13:54:55 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2013.04.11 13:13:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.09 21:09:58 | 000,260,956 | ---- | C] () -- C:\Users\***\Desktop\FPSBild.jpg [2013.04.08 19:16:43 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite [2013.04.07 21:18:06 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk [2013.04.07 14:44:19 | 000,001,460 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2013.04.06 14:25:28 | 009,562,273 | ---- | C] () -- C:\Users\***\Desktop\06 - Exochrist.mp3 [2013.04.05 20:55:40 | 180,398,760 | ---- | C] () -- C:\Users\***\Desktop\Best Dubstep mix 2012 (New Free Download Songs, 2 Hours, Complete playlist, High audio quality).MP3 [2013.04.05 20:32:19 | 002,389,648 | ---- | C] () -- C:\Users\***\Desktop\JBB 2013 - Chosen (Qualifikation).mp3 [2013.04.03 03:07:08 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf [2013.04.03 03:07:08 | 000,025,185 | ---- | C] () -- 
C:\windows\SysNative\ieuinit.inf [2013.04.02 21:44:17 | 000,002,823 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk [2013.04.02 21:44:16 | 000,002,823 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk [2013.04.02 21:44:16 | 000,002,694 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk [2013.04.02 15:34:27 | 003,056,711 | ---- | C] () -- C:\Users\***\Desktop\RICHTER - JULIAS BLOG [OFFICIAL VIDEO HD] 2013 (Juliensblog Diss).mp3 [2013.03.31 22:01:17 | 003,092,238 | ---- | C] () -- C:\Users\***\Desktop\JBB 2013 - Cashisclay (Qualifikation).mp3 [2013.02.19 20:25:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.01.07 16:53:22 | 000,000,350 | ---- | C] () -- C:\windows\doom3.ini [2012.07.25 18:49:44 | 000,000,079 | ---- | C] () -- C:\windows\iPlayer.INI [2012.07.18 19:13:57 | 000,008,704 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.08 21:29:06 | 000,002,180 | ---- | C] () -- C:\Users\***\.lmmsrc.xml [2012.05.20 13:15:11 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\Access.dat [2012.05.10 17:16:37 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2012.04.23 18:10:36 | 000,000,680 | RHS- | C] () -- C:\Users\Antonio\ntuser.pol [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2012.03.13 18:39:29 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI [2011.12.06 21:27:03 | 000,069,632 | R--- | C] () -- C:\windows\SysWow64\xmltok.dll [2011.12.06 21:27:03 | 000,036,864 | R--- | C] () -- C:\windows\SysWow64\xmlparse.dll [2011.11.07 18:44:14 | 000,000,095 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2011.10.27 17:16:58 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.10.25 15:52:37 
| 000,111,928 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2011.10.25 15:52:30 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll [2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll [2011.09.15 07:12:41 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{E7D498F8-7C09-4345-B848-23C9A1D8D55D} [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011.02.18 19:14:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] 
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.29 18:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2013.04.07 16:07:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.terasology [2013.04.28 15:00:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.07.28 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BANDISOFT [2011.10.28 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations [2011.06.23 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.socialbox.socialbox [2012.01.14 15:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys [2013.01.07 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.12.21 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.09.16 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.07.29 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeScreenToVideo [2011.10.28 12:58:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.12.14 20:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.01.24 23:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HomebrewStore Downloader [2012.08.23 12:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IClaro [2012.04.18 21:01:18 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\ICQ [2011.11.03 17:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ijjigame [2011.10.09 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.06.01 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit [2011.10.28 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.11.06 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2013.04.11 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer [2013.03.07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\A***o\AppData\Roaming\Mp3tag [2011.10.07 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World [2012.06.13 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2012.01.04 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2012.06.13 18:07:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2013.03.17 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.07.19 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2013.03.09 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.09.12 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2013.04.28 11:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhrozenSoft [2013.04.24 21:37:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2013.02.16 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz [2011.12.20 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz Help [2013.02.25 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia [2013.01.21 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.10.10 19:39:07 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\TechSmith [2011.10.19 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2011.04.14 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2013.04.22 15:21:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.05.20 13:15:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle [2012.01.24 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net [2013.04.20 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinArchiver [2012.08.29 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.10.10 17:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark [2012.02.07 19:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XLink Kai [2012.10.05 13:40:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.10.11 21:38:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012.07.26 20:02:10 | 000,000,000 | ---D | M](C:\windows\SysWow64\????sers) -- C:\windows\SysWow64\œ粠œsers [2012.07.26 20:02:10 | 000,000,000 | ---D | C](C:\windows\SysWow64\????sers) -- C:\windows\SysWow64\œ粠œsers < End of report > Code:
ComboFix 13-04-29.01 - *** 30.04.2013 17:25:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2048 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-28 bis 2013-04-30 ))))))))))))))))))))))))))))))
.
.
2013-04-30 15:36 . 2013-04-30 15:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-30 15:36 . 2013-04-30 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-30 15:11 . 2013-04-30 15:11 0 ----a-w- c:\windows\SysWow64\sho3B54.tmp
2013-04-29 17:02 . 2013-04-29 17:41 -------- d-----w- c:\programdata\SecTaskMan
2013-04-29 17:02 . 2013-04-29 17:02 -------- d-----w- c:\program files (x86)\Security Task Manager
2013-04-29 16:19 . 2013-04-29 16:20 -------- d-----w- c:\users\Administrator
2013-04-29 10:54 . 2013-04-29 10:54 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-28 09:01 . 2013-04-28 09:01 -------- d-----w- c:\users\***\AppData\Roaming\PhrozenSoft
2013-04-28 09:01 . 2013-04-28 09:01 -------- d-----w- c:\users\***\AppData\Local\Programs
2013-04-27 13:54 . 2013-04-27 13:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-27 13:54 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 10:33 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-20 14:35 .
2013-04-20 14:59 -------- d-----w- c:\program files (x86)\Resource Hacker 2013-04-20 13:55 . 2013-04-20 13:55 -------- d-----w- c:\users\***\AppData\Roaming\WinArchiver 2013-04-20 13:50 . 2013-04-16 07:51 140184 ----a-w- c:\windows\system32\drivers\waemu.sys 2013-04-20 13:50 . 2013-04-20 13:50 -------- d-----w- c:\program files (x86)\WinArchiver 2013-04-10 20:42 . 2013-02-21 10:30 1766912 ----a-w- c:\windows\SysWow64\wininet.dll 2013-04-10 20:42 . 2013-02-21 10:15 2240512 ----a-w- c:\windows\system32\wininet.dll 2013-04-10 20:42 . 2013-02-21 10:14 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-04-10 20:42 . 2013-02-21 10:14 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-04-10 20:42 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll 2013-04-10 19:05 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 19:00 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 19:00 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 19:00 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 19:00 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 19:00 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 19:00 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 19:00 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-08 17:16 . 2013-04-08 17:16 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-04-07 14:07 . 2013-04-07 14:07 -------- d-----w- c:\users\***\AppData\Roaming\.terasology 2013-04-06 14:35 . 2013-04-11 16:53 -------- d-----w- c:\users\***\AppData\Roaming\Minecraft Version Changer 2013-04-02 19:38 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-10 20:43 . 
2011-01-19 14:24 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-03-24 16:34 . 2012-07-11 17:28 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2013-03-24 16:34 . 2012-07-11 17:28 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2013-03-14 16:51 . 2012-07-13 13:13 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-14 16:51 . 2011-10-09 09:38 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-13 17:52 . 2012-04-08 13:49 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 17:52 . 2011-05-18 05:08 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-25 22:32 . 2012-10-10 20:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-25 22:32 . 2012-10-10 20:22 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-25 22:32 . 2012-10-10 20:23 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-25 22:32 . 2010-07-09 22:38 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-25 22:32 . 2012-02-09 20:43 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-25 22:32 . 
2012-10-10 20:23 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-25 22:32 . 2012-10-10 20:23 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-18 07:22 . 2013-02-18 07:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 07:22 . 2013-02-18 07:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 07:22 . 2013-02-18 07:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 05:45 . 2013-03-13 18:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 18:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 18:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 18:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 18:03 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 18:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-26 10:39 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}] 2011-08-25 07:15 50240 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\***\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-04-03 4288048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-24 295512] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "WAHELPER.EXE"="c:\program files (x86)\WinArchiver\WAHELPER.EXE" [2013-04-16 480792] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x] R3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\DRIVERS\libusb0.sys [2006-08-27 31744] R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 40464] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2012-02-07 51776] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-04-19 736104] R4 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-25 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120] S0 waemu;waemu;c:\windows\system32\Drivers\waemu.sys [2013-04-16 140184] S1 
BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 1390680] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-05 283200] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130426.001\IDSvia64.sys [2012-09-01 513184] S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files 
(x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-19 2320920] S2 WinArchiver Service;WinArchiver Service;c:\program files (x86)\WinArchiver\WAService.exe [2013-04-16 202264] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-02-16 138912] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2012-02-01 694376] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 04:30 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:52] . 2013-04-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001Core.job - c:\users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 16:11] . 2013-04-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001UA.job - c:\users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 16:11] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 06:14] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 06:14] . 2013-04-28 c:\windows\Tasks\Norton Security Scan for Antonio.job - c:\progra~2\NORTON~2\Engine\351~1.10\Nss.exe [2012-01-19 00:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> IE: Free YouTube to MP3 Converter - c:\users\Antonio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\ FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: 2013-03-17 09:02; jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack; c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi FF - ExtSQL: 2013-03-24 17:35; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{6b9c3e37-fcbd-4834-a71a-fa45c106a001} - (no file) URLSearchHooks-{88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file) Toolbar-Locked - (no file) Toolbar-!{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file) Toolbar-!{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file) Wow6432Node-HKCU-Run-Phrozen Mon_KP - c:\users\Antonio\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-!{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file) WebBrowser-{6B9C3E37-FCBD-4834-A71A-FA45C106A001} - (no file) HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-694020154-2073930874-1152709320-1001\Software\SecuROM\License information*] "datasecu"=hex:d3,88,71,78,4d,26,f0,4a,02,13,62,d7,e4,2a,c5,b1,d3,79,d6,ab,ef, 17,b2,bb,0e,23,ed,47,4a,48,86,cf,96,a8,00,af,6f,6b,47,b3,19,5e,3f,cb,1c,09,\ "rkeysecu"=hex:2f,20,05,df,a2,92,8b,f3,ae,d7,c1,81,bf,ba,1a,b8 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-04-30 17:46:54 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-04-30 15:46 . Vor Suchlauf: 24 Verzeichnis(se), 363.897.495.552 Bytes frei Nach Suchlauf: 29 Verzeichnis(se), 367.439.040.512 Bytes frei . - - End Of File - - FBA43EE23448A065E29ECFC11A4952E7
So, thanks for your help, the Task Manager and Regedit can be opened again. Is there anything else I need to do so that something like this doesn't happen again? EDIT: Is everything fixed again now? Because the Task Manager and Regedit are working again? Last edited by DerAmpelmeis (30.04.2013 at 17:20) |
30.04.2013, 17:44 | #12 |
/// TB-Ausbilder | Taskmgr.exe and Regedit.exe have been disabled by the administrator. We are not quite done yet.
Note: User Account Control disabled
I see that User Account Control (UAC) is disabled on your system. Did you deliberately switch it off yourself? From a security perspective, User Account Control should be left switched on, even if it is sometimes a bit tedious. I recommend that you re-enable it by following this guide.
Step 1 Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
:commands
[emptytemp]
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
In your next reply, please post:
__________________ cheers, Leo |
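The two log entries this reply acts on, UAC switched off and the loopback entry in ProxyOverride, can be picked out of a ComboFix-style log mechanically. The following is an added example, not part of the original post or of any tool used in this thread; the function names and rule texts are assumptions, and the sample is an excerpt of the log posted above in its flattened form.

```python
import re

# Excerpt of the ComboFix log posted in this thread, in the flattened form
# in which it appears on the page (the trailing "IE: ..." is cut off here).
SAMPLE_LOG = (
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] '
    r'"ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) '
    r'"EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) '
    r'"PromptOnSecureDesktop"= 0 (0x0) . '
    r'[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] '
    r'"LoadAppInit_DLLs"=1 (0x1) . '
    r'uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> IE: ...'
)

KEY_RE = re.compile(r'\[(HKEY_[^\]]+)\]')
# Matches the log's numeric value notation, e.g. "EnableLUA"= 0 (0x0)
VALUE_RE = re.compile(r'"([^"]+)"\s*=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)')
PROXY_RE = re.compile(r'ProxyOverride"?\s*=\s*(\S+)')
LOOPBACK_RE = re.compile(r'^(?:127(?:\.\d{1,3}){3}|localhost):\d+$', re.I)

# Machine-wide UAC policy key, lowercased for comparison.
UAC_KEY = r'hkey_local_machine\software\microsoft\windows\currentversion\policies\system'

# value name -> (value that weakens UAC, what it means); hypothetical rule texts
UAC_RULES = {
    "EnableLUA": (0, "UAC (Admin Approval Mode) is switched off"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompt is not shown on the secure desktop"),
}


def parse_dword_values(log):
    """Return {lowercased key path: {value name: int}} for every [HKEY_...] section.

    Works on the flattened log as well as on one-entry-per-line output, because
    a section is simply the text between one key header and the next.
    """
    sections = {}
    headers = list(KEY_RE.finditer(log))
    for i, header in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log)
        body = log[header.end():end]
        sections[header.group(1).lower()] = {
            name: int(num) for name, num in VALUE_RE.findall(body)
        }
    return sections


def review_log(log):
    """Return human-readable findings for weakened UAC settings and loopback proxy entries."""
    findings = []
    values = parse_dword_values(log).get(UAC_KEY, {})
    for name, (weak_value, meaning) in UAC_RULES.items():
        if values.get(name) == weak_value:
            findings.append(f"{name}={weak_value}: {meaning}")
    for match in PROXY_RE.finditer(log):
        for entry in match.group(1).split(";"):
            if LOOPBACK_RE.match(entry):
                findings.append(
                    f"ProxyOverride contains {entry}: loopback host:port entry, "
                    "identify the local program that set it"
                )
    return findings


if __name__ == "__main__":
    for finding in review_log(SAMPLE_LOG):
        print(finding)
```
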
30.04.2013, 18:13 | #13 |
| Taskmgr.exe and Regedit.exe have been disabled by the administrator. Here is the first step, to start with: Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 10510 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 16651894 bytes ->Flash cache emptied: 56468 bytes User: All Users User: *** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 20831573 bytes ->Java cache emptied: 2453878 bytes ->FireFox cache emptied: 14229954 bytes ->Google Chrome cache emptied: 424766567 bytes ->Opera cache emptied: 87447715 bytes ->Flash cache emptied: 56996 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 59549321 bytes ->Flash cache emptied: 57345 bytes User: *** ->Temp folder emptied: 0 bytes User: *** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33237 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 331762503 bytes ->Flash cache emptied: 56468 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56468 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes 
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95538 bytes RecycleBin emptied: 210726 bytes Total Files Cleaned = 914,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04302013_185113 Files\Folders moved on Reboot... C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
What exactly went wrong on my system that something like this happened? Step 2: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.30.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 *** :: ***-PC [Administrator] 30.04.2013 19:10:55 mbam-log-2013-04-30 (19-10-55).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 335752 Laufzeit: 4 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite (Keylogger.PKL) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 2 C:\Users\***\Desktop\PhrozenKeyloggerLite1-0R2_setup.exe (Keylogger.PKL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite\Phrozen Keylogger Lite.lnk (Keylogger.PKL) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=7882294819b98e4686002bf492078684 # engine=13729 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-30 09:28:42 # local_time=2013-04-30 11:28:42 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=771 16777214 16 1 23882549 23882549 0 0 # compatibility_mode=3591 16777213 100 95 2391641 129953907 0 0 # compatibility_mode=5893 16776574 100 94 23887466 118987172 0 0 # scanned=386674 # found=1 # cleaned=0 # scan_time=13537 sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Users\Antonio\Desktop\REST!!\Alte Firefox-Daten\extensions\plugin@yontoo.com\content\overlay.js" Code:
ATTFilter Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 21 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 9 Adobe Reader XI Mozilla Firefox (20.0.1) Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
30.04.2013, 22:47 | #14 |
/// TB-Ausbilder | Taskmgr.exe und Regedit.exe wurden vom Administrator deaktiviert. Hi, ja das sieht wieder gut aus. Ich kann dir auch nicht sagen, was da genau passiert ist. Räumen wir auf. Schritt 1 Dein Flashplayer ist veraltet. Installiere folgendermassen die aktuelle Version:
Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus. Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und Software Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Installed software should also always be the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
Security software
A remark up front: every software solution has its weaknesses. Handing the entire responsibility for security to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behavior, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behavior, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which there are two useful add-ons to recommend:
(Un)safe behavior on the Internet
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that doesn't have to mean anything.
Often there are also attempts to get the user, by more or less tricky methods, to carry out an action that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed along with other software by the user themselves.
General notes
Finally, a few general remarks:
If you like, you can support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we won't see each other here again any time soon.
__________________ cheers, Leo |
01.05.2013, 10:16 | #15 |
| Taskmgr.exe and Regedit.exe were disabled by the administrator. Here is the last log from DelFix: Code:
# DelFix v10.2 - Datei am 01/05/2013 um 11:08:33 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Benutzer : *** - ***-PC
~ Aktiviere die Benutzerkontensteuerung ... OK
~ Entferne die Bereinigungsprogramme ...
Gelöscht : C:\_OTL
Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\***\Desktop\adwcleaner.exe
Gelöscht : C:\Users\***\Desktop\Defogger.exe
Gelöscht : C:\Users\***\Desktop\defogger_enable.log
Gelöscht : C:\Users\***\Desktop\HijackThis.exe
Gelöscht : C:\Users\***\Desktop\OTL.exe
Gelöscht : C:\Users\***\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
Gelöscht : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Erstelle ein Backup der Registrierungsdatenbank ... OK
~ Lösche die Wiederherstellungspunkte ...
Gelöscht : RP #372 [ComboFix created restore point | 05/01/2013 09:06:32]
Ein neuer Wiederherstellungspunkt wurde erstellt !
~ Stelle die Systemeinstellungen wieder her ... OK
########## - EOF - ##########
EDIT: If I now want to look for leftovers, where do I have to look? (file paths)
EDIT2: Are there any programs I can use to delete unused files and folders? Or so that my PC itself maybe runs a bit faster?
EDIT3: I searched my C:\ drive with Everything for OTL etc. and found another folder from Gmer (I think it is from that because of the "AppHang_gmer_2.1.19169.e...") and there is a file in it called "Report.wer". May I delete it? If yes, have the other programs also left behind such folders or files, and where do I have to look for them? [See EDIT:] Code:
C:\Users\***\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_gmer_2.1.19163.e_b12896ccdb18929833cd696511d80a27d7c236_19fd0072
Edited by DerAmpelmeis (01.05.2013 at 10:56) |