Pests of all kinds and how to fight them: Probably Deltasearch "again" (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
10.05.2013, 19:27 | #1 |
Probably Deltasearch "again"

Hello dear Trojaner-Board forum. This is my first post about a problem that I am not able to solve on my own. I hope I can reach one or another person here who can.

The following: Not too long ago I wanted to download a game booster and did not notice that I had in fact downloaded and installed a completely different program. Now I have the nicely removable Delta-search in my Firefox. My anti-spyware cannot solve the problem. I have also tried various software products. Then I tried to uninstall it and got the following message:

So, defogger could not find anything.

OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.05.2013 20:37:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tim\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,59% Memory free 7,49 Gb Paging File | 6,16 Gb Available in Paging File | 82,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,90 Gb Total Space | 4,42 Gb Free Space | 7,92% Space Free | Partition Type: NTFS Drive E: | 233,76 Gb Total Space | 197,23 Gb Free Space | 84,37% Space Free | Partition Type: NTFS Drive F: | 233,76 Gb Total Space | 233,07 Gb Free Space | 99,71% Space Free | Partition Type: NTFS Drive G: | 994,70 Mb Total Space | 30,47 Mb Free Space | 3,06% Space Free | Partition Type: FAT Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.10 20:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe PRC - [2013.04.17 03:17:26 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Tim\AppData\Roaming\Yontoo\YontooDesktop.exe PRC - [2013.03.28 16:12:36 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.02.26 14:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.12.11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.22 14:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe ========== Modules (No Company Name) ========== MOD - [2013.05.10 17:27:36 | 000,013,600 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.02.14 22:50:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.09 18:43:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 18:42:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 18:42:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.09 18:42:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 18:42:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | 
---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010.11.05 03:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.02.10 22:05:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.12 13:20:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.28 16:12:36 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.03.15 15:40:15 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files 
(x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.26 14:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2011.12.14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.12 05:40:54 | 000,136,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 16:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.03.04 16:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.01.30 13:58:40 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 
13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.12 06:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.11.12 06:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.08.24 17:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2010.02.10 22:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.02.10 21:11:14 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.01.28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2006.12.05 12:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV - [2013.05.10 20:21:48 | 000,056,496 | ---- | M] (GMER) [Kernel | On_Demand | Unknown] -- C:\Users\Tim\AppData\Local\Temp\uwldipow.sys -- (uwldipow) DRV - [2011.12.12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.03.02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=9683BC5FF40A6837 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 4D C1 34 C6 A6 CD 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=9683BC5FF40A6837 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/watch?v=K9MrdsuQfNE&list=LL8l0WIN10FrIOKroNuK6GTQ|hxxp://www.facebook.com/home.php" FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - 
HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:20:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:20:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.03.28 16:12:36 | 000,037,909 | ---- | M] () FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components 
[2013.04.12 13:20:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:20:46 | 000,000,000 | ---D | M] [2012.10.14 11:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions [2013.05.09 00:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions [2012.12.04 20:01:50 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.22 15:04:08 | 000,000,000 | ---D | M] (British English Dictionary (Updated)) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions\en-gb@flyingtophat.co.uk [2013.05.01 17:21:50 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions\ffxtlbr@delta.com [2013.05.01 17:21:46 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions\plugin@yontoo.com [2012.12.10 01:19:21 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\extensions\youtube2mp3@mondayx.de.xpi [2013.05.09 00:53:50 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.01 17:21:58 | 000,006,473 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\searchplugins\babylon.xml [2013.05.01 17:21:58 | 000,006,473 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\searchplugins\BrowserProtect.xml [2013.05.01 17:21:52 | 000,001,294 | ---- | M] () -- 
C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\searchplugins\delta.xml [2013.04.12 13:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 13:20:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.11.05 01:05:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.05.01 17:21:44 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.11.05 01:05:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.05 01:05:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.05 01:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.05 01:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.05 01:05:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Tim\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B600747C-A174-4E7F-A648-83FB8D725DA7}: DhcpNameServer = 192.168.220.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3A30591-98D7-45C1-88CB-0FCE58EA5CE6}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.10 19:04:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.10 20:20:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe [2013.05.10 19:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.05.10 19:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.05.10 19:40:14 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.05.10 19:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.05.10 19:40:00 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Programs [2013.05.10 19:02:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.05.10 19:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.10 19:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.05.01 17:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3 [2013.05.01 17:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2013.05.01 17:23:10 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\IObit [2013.05.01 17:22:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\Qtrax [2013.05.01 17:22:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX [2013.05.01 17:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.05.01 17:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.05.01 17:21:57 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Mipony Download Manager Packages [2013.05.01 17:21:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013.05.01 17:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.05.01 17:21:51 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\BabSolution [2013.05.01 17:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.05.01 17:21:47 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam [2013.05.01 17:21:46 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Yontoo [2013.05.01 17:21:44 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DSite [2013.05.01 17:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam [2013.05.01 17:21:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony [2013.05.01 17:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony [2013.05.01 17:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiPony [2013.05.01 17:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.04.28 13:28:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Beatels [2013.04.27 17:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.12 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] 
========== Files - Modified Within 30 Days ========== [2013.05.10 20:34:59 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable [2013.05.10 20:23:25 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe [2013.05.10 20:21:33 | 000,377,856 | ---- | M] () -- C:\Users\Tim\Desktop\gmer_2.1.19163.exe [2013.05.10 20:21:03 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DSite.job [2013.05.10 20:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe [2013.05.10 19:40:17 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.05.10 19:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.10 19:18:04 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2447946031-2368864411-1565229735-1001UA.job [2013.05.10 19:04:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.05.10 19:03:41 | 000,002,254 | ---- | M] () -- C:\Users\Tim\Desktop\SpyHunter.lnk [2013.05.10 17:34:33 | 000,018,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.10 17:34:33 | 000,018,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.10 17:31:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.10 17:31:37 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.10 17:31:37 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.10 17:31:37 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.10 17:31:37 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.10 17:27:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.10 00:31:20 | 000,000,000 | ---- | M] () -- C:\end [2013.05.09 01:18:00 | 000,000,898 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2447946031-2368864411-1565229735-1001Core.job [2013.05.01 17:23:12 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2013.05.01 17:23:12 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk [2013.04.12 13:07:52 | 000,296,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.10 20:34:59 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable [2013.05.10 20:23:24 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe [2013.05.10 20:21:33 | 000,377,856 | ---- | C] () -- C:\Users\Tim\Desktop\gmer_2.1.19163.exe [2013.05.10 19:40:17 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.05.10 19:40:17 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.05.10 19:04:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.05.10 19:02:04 | 000,002,254 | ---- | C] () -- C:\Users\Tim\Desktop\SpyHunter.lnk [2013.05.07 23:01:56 | 000,114,176 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\BabMaint.exe [2013.05.01 17:23:12 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2013.05.01 17:23:12 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk [2013.05.01 17:22:36 | 000,002,377 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk [2013.05.01 17:21:45 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\DSite.job [2013.05.01 17:21:43 | 000,000,000 | ---- | C] () -- C:\end [2012.10.10 11:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.13 13:47:38 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.15 15:40:59 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AniTuner [2012.10.14 11:31:51 | 000,000,000 | ---D | M] -- 
C:\Users\Tim\AppData\Roaming\AVG2013 [2013.05.01 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\BabSolution [2013.05.01 17:21:44 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DSite [2012.10.14 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Foxit Software [2012.10.10 14:10:48 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\FreePDF [2013.03.26 14:27:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ImgBurn [2012.12.09 21:37:02 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LolClient [2013.05.01 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Mipony Download Manager Packages [2012.10.14 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\OpenOffice.org [2012.10.14 11:43:06 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Opera [2013.02.07 00:29:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PingPlotter Freeware [2012.12.15 16:04:08 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Stardock [2013.05.10 01:00:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TS3Client [2012.11.06 01:14:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ts3overlay [2012.10.14 11:30:05 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TuneUp Software [2013.05.10 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Yontoo ========== Purity Check ========== < End of report > Extra: OTL Logfile: Code:
OTL Extras logfile created on: 10.05.2013 20:37:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tim\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,74 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,59% Memory free
7,49 Gb Paging File | 6,16 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 4,42 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
Drive E: | 233,76 Gb Total Space | 197,23 Gb Free Space | 84,37% Space Free | Partition Type: NTFS
Drive F: | 233,76 Gb Total Space | 233,07 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive G: | 994,70 Mb Total Space | 30,47 Mb Free Space | 3,06% Space Free | Partition Type: FAT
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02EE13D4-568C-4FE5-A303-E5B9B5798D88}" = rport=137 | protocol=17 | dir=out | app=system | "{067AE95C-68E4-4B48-9EE5-6315C5DFF64A}" = lport=56659 | protocol=6 | dir=in | name=pando media booster | "{09921933-5C76-4C58-890D-F96B94316D35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0ED1C5CF-A5EF-4159-8DF5-7D7DE20766CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{209E20D0-F15D-4E6F-ABA0-3DFEA9807BF4}" = lport=56659 | protocol=17 | dir=in | name=pando media booster | "{2168AFE4-6691-4537-8B70-19E7C11C345A}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | "{2CBCE8A1-A278-4905-BA82-47292B8A4D6B}" = lport=137 | protocol=17 | dir=in | app=system | "{37900106-5372-46E3-827D-542AE3A68DB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{48CD82E9-4BDE-4758-A2F4-EEC30E6A167D}" = rport=138 | protocol=17 | dir=out | app=system | "{51A98A28-26B7-44B9-B81D-DEB9DCFC1FD7}" = lport=10243 | protocol=6 | dir=in | app=system | "{5207284A-11CF-4B63-91CB-00177823A812}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5A26AAAE-2224-424C-BE6D-E7A2F92371A0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | "{5B99E615-D603-492D-B90D-7D359B1F6C61}" = lport=56659 | protocol=6 | dir=in | name=pando media booster | "{64C7A86C-ECCB-4910-B365-511764FAC3B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{696A0DCB-FD23-4E4A-B4A4-38ACD3251B2F}" = lport=138 | protocol=17 | dir=in | app=system | "{6BB1F169-4F66-4C81-926F-53ADD6AE186D}" = lport=56659 | protocol=17 | dir=in | name=pando 
media booster | "{7ACE586E-3388-4769-A827-C544385BF019}" = lport=2869 | protocol=6 | dir=in | app=system | "{80306D7B-EBFD-4B97-9907-7423ADE011E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8C62EB7C-E433-4E4B-886C-159EE9532B71}" = rport=139 | protocol=6 | dir=out | app=system | "{92083802-461F-4121-A43B-CCE41D3CD755}" = rport=10243 | protocol=6 | dir=out | app=system | "{A9350B35-E78F-467B-81AB-213625FAC3F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AD132D11-C158-4AB0-8400-6DDFCD900119}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D93A9950-DECB-44C8-8E26-C48A4FD3A9AA}" = lport=445 | protocol=6 | dir=in | app=system | "{DA7506E7-D108-47D4-BA64-DB8772252B32}" = lport=139 | protocol=6 | dir=in | app=system | "{DE9B6E57-4B1A-4737-9F86-F6A0F4FBBCDD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4DE47F9-BB55-44B8-BBB1-170ED220C8CE}" = rport=445 | protocol=6 | dir=out | app=system | "{E5EF3EFD-93E0-48A5-AD19-D896E63065DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | "{F4FFB1EA-9CEC-4336-8506-AD83655D0450}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{007A8797-B896-4D8D-988D-5BB09756EB20}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{0339CD89-B746-46E2-A58F-B3B5D35EFEA2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{03D22C5D-EDFB-480B-B5AE-B86020975F0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{05164230-3804-4B83-B3C8-64A185A23219}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{06967BD1-3DDF-4E1C-9A48-ACCBE4A729EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{09B44613-03CC-4D83-8DBA-34A67B4BBD57}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{0A8C317A-C2FA-4FF6-A0CC-81028B23CD3B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1425021B-CC44-4BAD-9BC7-8F4DB2664837}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{166FCFAE-FC94-4942-A7A0-FC46A5D2BAA7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1A7B331F-91E8-4293-A4D1-E47AD327FCB8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{1D0C6FE7-3010-4F42-9D40-D49FA3BFC591}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{247029E2-EB00-40B2-8D51-72D94ABB57F8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{2BD6754D-BABD-4EF6-8325-2066A2620ED9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{2E4183A6-8048-4033-BB4A-D12AB48B549B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{31F21205-2443-4F15-A2A7-80F72EB49D67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | "{36CDAC30-B6C9-4CE3-95D1-1FCD486CC8D3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{44E83EA5-D1F9-4C89-8297-F33EBDEEEC5A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{45455B64-28E2-4911-A69B-96AA16642C97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4C7872EB-4E3E-423A-B747-0F0F1CE026C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4CD0FA41-22C4-4F22-8A22-CBE3F67660DB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4DD40752-6D59-43D7-BC8B-7B407D97F5A1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media 
player\wmplayer.exe | "{53C6CEF1-3D58-405F-9C8E-76FD7DA83EF1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{59EC0391-A505-4D5C-A5B6-D041D2AE4551}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61BEF429-00CF-42BE-8E26-21919FA665A4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{6CF01D5F-171A-4F43-A3D9-13F9151C090E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{6D30AA85-81D0-4A77-95FC-296E423ACADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6DA3C557-3F64-4937-9EE2-6968E9BC0FFD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{73357209-BEC1-400C-8C53-E25C9485C985}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{73B1D629-D06E-414C-9667-E74A43EE4BB6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{83CD9E36-1FDB-4F94-B7F1-DFFC9D23A8A2}" = dir=in | app=c:\users\tim\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{99972A89-D9E3-4A23-9D76-E86A4B2C7EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{9DC2BFAA-AAFF-4758-BC40-E15B12CF7295}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | "{A0A09876-B0D5-488B-96D6-8FC6F4E02DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AA9A83D3-DDA8-483B-895A-C16D5234E29F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AA9EA6A7-D5B2-4943-8C7E-F22D3A2F72AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B5AD6C2D-170B-426A-982C-7B54B2DDC179}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{B72D1998-7ABF-45F8-8C11-C86B0BBE6193}" = protocol=6 | dir=in | app=c:\program files 
(x86)\avg\avg2013\avgemca.exe | "{BDD7DAA3-E75B-49D1-A3F3-DC466FA0A68D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | "{C09280B5-5CBA-4B59-B8CA-95197332608F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{C0DB7DE8-6BEF-45D7-AB9C-9E83097C5DC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | "{C1E3E7E4-8F3A-4674-AE55-E980CF8D13E5}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | "{C5364F64-14E4-492C-9656-FB9412F776DA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{C712ACE8-53B8-4AB7-A72E-DCFDC708C235}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CCC03358-081A-4C36-9A1B-ABF7B9E4DF42}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CF637516-08DB-4077-AFFE-9ECA82768B05}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{D134D1C1-B125-42B0-BC24-D32564DC70A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D1EF9D1D-2CAA-4029-A2BC-20A3C5F87726}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | "{D379608F-2AFA-4CB6-9E28-F1D9BC3FFE1E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{D831551D-DB21-4A53-8977-0F355AFC06BB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{D8AF80D2-26A3-47A2-81A3-4B682314D64C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D8D6AF9D-9862-4B68-849B-5A51BCB4C174}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DD6B6D2C-592B-474D-92B2-D4A3E17A89E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F22431B0-F836-4DD0-8321-1AF618AD6ADF}" = protocol=6 
| dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB618C8B-238A-4181-A6EE-6C0050A27489}" = protocol=6 | dir=out | app=system | "TCP Query User{315C700F-846B-478A-A0AC-66AC12BCED0D}F:\croteam\serious sam - the second encounter\bin\serioussam.exe" = protocol=6 | dir=in | app=f:\croteam\serious sam - the second encounter\bin\serioussam.exe | "TCP Query User{399D8B8E-EEFE-42ED-B9F5-DEE92732F7B4}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{399E7A82-D386-45D0-9D49-02AA5DA1FD6C}E:\serious sam - the second encounter\bin\serioussam.exe" = protocol=6 | dir=in | app=e:\serious sam - the second encounter\bin\serioussam.exe | "TCP Query User{4030D5DE-7A4B-431F-8EA6-2F84E92D71F3}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{54E65DCA-19DE-4AF5-9827-A228A8283FA2}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | "TCP Query User{58B31D63-BF3B-4848-A071-1BFF2154B9BD}C:\users\tim\desktop\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\tim\desktop\age of empires ii\age2_x1.exe | "TCP Query User{B4823361-79F8-44B6-B7FA-F66F2C7913D4}E:\serious sam - the second encounter\bin\serioussam.exe" = protocol=6 | dir=in | app=e:\serious sam - the second encounter\bin\serioussam.exe | "UDP Query User{299ADE28-1377-4E56-AFB3-B95879F14503}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | "UDP Query User{358CC118-E916-46D8-BDF3-AF0761AF3CD4}F:\croteam\serious sam - the second 
encounter\bin\serioussam.exe" = protocol=17 | dir=in | app=f:\croteam\serious sam - the second encounter\bin\serioussam.exe | "UDP Query User{503A0C07-291A-44AA-98B4-E0B2EFB3E275}C:\users\tim\desktop\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\tim\desktop\age of empires ii\age2_x1.exe | "UDP Query User{51877EB4-6ECB-42A0-9AA4-31EE472BF4BE}E:\serious sam - the second encounter\bin\serioussam.exe" = protocol=17 | dir=in | app=e:\serious sam - the second encounter\bin\serioussam.exe | "UDP Query User{9D6909AA-FC21-469B-AE15-05EF62EAE7F8}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{B707568D-F3BD-4F9A-B8BB-CE7A8D3FB567}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{DA637345-D517-4751-BCD0-D2FC5DB03787}E:\serious sam - the second encounter\bin\serioussam.exe" = protocol=17 | dir=in | app=e:\serious sam - the second encounter\bin\serioussam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C798FBB-2BA6-D113-C055-936965550F33}" = ATI Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{56BFB765-EC27-4BBE-4562-7D524A4E6876}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}" = SpyHunter 
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.052 "{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0 "{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ASRock App Charger_is1" = ASRock App Charger v1.0.4 "AVG" = AVG 2013 "CCleaner" = CCleaner "GPL Ghostscript 9.05" = GPL Ghostscript "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Redirection Port Monitor" = RedMon - Redirection Port Monitor "VLC media player" = VLC media player 2.0.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{179C9DAD-8A7E-E177-A099-9881BA6DB7E1}" = CCC Help Korean "{1CA97896-6527-EFF2-15AF-F754A8345DB3}" = CCC Help Polish "{1DE16DAD-6C8C-CE4B-6D0A-3B9C826EA7DF}" = Catalyst Control Center InstallProxy "{207FE8B9-976B-8106-B8D8-75FD538B21AE}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2CA12532-C407-66B7-7872-998E86EB078A}" = CCC Help Thai "{2F51311F-8A4B-4D17-9CB8-AAEACBBA9A92}" = AMD OverDrive "{30646370-6577-DA44-F956-5179BD4FC81F}" = CCC Help Norwegian "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{36D8DF3D-B1E1-D8CA-C0F7-5FECF2ADB431}" = Catalyst Control Center Graphics Previews Vista "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5E990010-3CFC-3451-1F07-ABD632895DED}" = Catalyst Control Center Localization All "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{653771EC-5AA7-9E1D-EBF9-BF6E9BDC0649}" = CCC Help Greek "{69A05CAD-B0AA-4586-8FDD-D4827B2652DC}" = AniTuner "{704985E4-596B-B30C-1B01-49A4E6386DF7}" = CCC Help Italian "{7388AE07-F4E0-503F-6ADD-4FB9BED4C47E}" = CCC Help Czech "{84178AE8-C22D-48CB-A6BA-D116FD3FE469}" = Qtrax Player "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AE34925-34D7-4E53-FE56-B38C003FCE59}" = CCC Help Chinese Traditional "{8C99C3CB-763F-4D87-8ACA-81B6899207B1}" = PingPlotter Freeware "{913694EF-D62F-B372-7778-7C0DFD287EED}" = Catalyst Control Center Graphics Previews Common "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{93F8D79A-EEC2-11F6-DE59-70EA8E50CAE2}" = CCC Help German "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98FBED7A-E9E1-5578-F5FD-391D51799524}" = CCC Help French "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A259C1B6-7C3F-6827-657B-D6EDE5BF3CAE}" = CCC Help Finnish "{A6D87A37-8620-FE7B-54C2-E654F4F92B95}" = Catalyst Control Center Graphics Full New "{A96174C8-BB27-8E86-2AA8-22486DDF7B4B}" = Catalyst Control Center Core Implementation "{AE9C87B3-0BF3-6FE1-404C-FA0EA33B4EC3}" = CCC Help Japanese "{B1A1ACA0-54BF-6279-CD75-D4772DD16197}" = CCC Help Danish "{B2C78D7A-D4D2-A1EF-DFAA-48A4152A5771}" = ccc-core-static "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook 
Video Calling 1.2.0.287 "{BBD363AA-3F9E-4569-8A52-D1DEECCF5121}" = SoundPackager "{C7A9BAF2-DA72-8503-F27F-44C6C2FF9F49}" = CCC Help Swedish "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D5348885-EB52-4355-C21B-27BD0E4CBA31}" = CCC Help Hungarian "{D780486E-4F96-B025-4BBB-30D56E3C9418}" = CCC Help Portuguese "{DE30220D-B7A6-EB8F-13E0-2521880E2F49}" = Catalyst Control Center Graphics Full Existing "{E32BC396-8E51-BA3F-7001-EE463BB4EA75}" = CCC Help English "{E481A482-A6A2-D3ED-0980-C741A9AAA96B}" = CCC Help Chinese Standard "{E4AA1490-A0AE-5693-2C0B-4FF21C3721D8}" = CCC Help Dutch "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{EBF0AA20-D891-1908-10CB-010E289C36CD}" = CCC Help Russian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F9B431CB-5ACF-A7C1-5B96-9DF33AA25290}" = CCC Help Spanish "{FFE7F452-F093-5859-C96E-E75310248A10}" = CCC Help Turkish "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ant Renamer 2_is1" = Ant Renamer "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.57 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.26 "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Foxit Reader_is1" = Foxit Reader "FreePDF_XP" = FreePDF (Remove only) "Game Booster_is1" = Game Booster 3 "GameSpy Arcade" = GameSpy Arcade "ImgBurn" = ImgBurn "MiPony" = MiPony 2.0.2 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Opera 12.02.1578" = Opera 12.02 "SoundPackager" = SoundPackager "Steam App 230410" = Warframe "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 8" = 
TeamViewer 8 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Wajam" = Wajam "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "822393099.portal.qtrax.com" = Qtrax Player "DSite" = Update for Mipony Download Manager "Mipony Download Manager Packages" = Mipony Download Manager Packages "SOE-DC Universe Online Live" = DC Universe Online Live "SOE-DC Universe Online Live PSG" = DC Universe Online Live "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.04.2013 10:59:49 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 14.04.2013 11:29:06 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 17.04.2013 08:09:43 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 19.04.2013 14:32:07 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest". 
Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 25.04.2013 20:19:21 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 28.04.2013 15:59:31 | Computer Name = Tim-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0x1784 Startzeit der fehlerhaften Anwendung: 0x01ce444a7b8bcef4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 234a5eb6-b03e-11e2-9675-bc5ff40a6837 Error - 01.05.2013 14:34:35 | Computer Name = Tim-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0x1518 Startzeit der fehlerhaften Anwendung: 0x01ce46885db5298a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: c5684b10-b28d-11e2-b735-bc5ff40a6837 Error - 03.05.2013 12:03:55 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program 
Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 04.05.2013 06:21:03 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 08.05.2013 12:12:36 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 10.05.2013 13:02:27 | Computer Name = Tim-PC | Source = MsiInstaller | ID = 11721 Description = Error - 10.05.2013 13:44:02 | Computer Name = Tim-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0x9d8 Startzeit der fehlerhaften Anwendung: 0x01ce4da42909f926 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 3352ea62-b999-11e2-95e6-bc5ff40a6837 [ System Events ] Error - 10.05.2013 11:32:56 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 
10.05.2013 11:32:56 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 10.05.2013 11:32:56 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 10.05.2013 13:05:31 | Computer Name = Tim-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden. Error - 10.05.2013 13:05:31 | Computer Name = Tim-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden. Error - 10.05.2013 13:05:31 | Computer Name = Tim-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden. Error - 10.05.2013 13:59:18 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Yontoo Desktop Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 10.05.2013 14:33:12 | Computer Name = Tim-PC | Source = PNRPSvc | ID = 102 Description = Error - 10.05.2013 14:33:12 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 10.05.2013 14:33:12 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 < End of report > GMER : GMER Logfile: Code:
Edited by Av4lon (10.05.2013 at 20:02) Reason: information was missing |
10.05.2013, 21:49 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Probably Deltasearch "again" Hello and
__________________Quote:
Why do you have a Professional edition of Windows; do you need that as a home user? Or is this by any chance an office/company PC or a university computer? Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
10.05.2013, 23:20 | #3 |
| Probably Deltasearch "again" Sorry, I don't know that much about software. I don't know where I am supposed to get new logs from. I just followed the instructions. But could you maybe tell me why I don't have sufficient rights to uninstall this program? Oo
__________________ |
12.05.2013, 19:36 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Probably Deltasearch "again" Who installed this computer for you; did the Pro edition perhaps already come with the computer? And by further logs I mean the ones from virus scanners. But only if it actually found something. Has your virus scanner ever reported a detection?
__________________ Please always post log files in CODE tags |
12.05.2013, 20:29 | #5 |
| Probably Deltasearch "again" Yes, it did.. removed, and I still have the junk in my browser. I was given the PC like this as a gift. Either the folks at the shop set it up that way, or my father did. |
12.05.2013, 21:16 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Probably Deltasearch "again" Quote:
Without this information you cannot be helped!
__________________ |