
Pests of all kinds and how to fight them: ads by browse to save, what now?

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

12.05.2013, 23:28   #1
kaen666
 

Hello dear people,
I have had an annoying something called "ads by browse to save" for a long time. I noticed it via Facebook and did not think it was important... But now I am getting worried and want to get it off my PC.
I have of course searched the forum and found threads, but the instructions said that the program should only be used when one is asked to. That is why I am writing a new thread and asking for your help.

Thanks in advance. Regards, kaen

13.05.2013, 02:37   #2
aharonov
/// TB Instructor
 

Hello kaen,

if you want to have your computer checked for malware, then please work through this guide and post the corresponding log files here.

13.05.2013, 11:06   #3
kaen666
 

OTL Logfile:
Code:
OTL logfile created on: 13.05.2013 11:12:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Privat\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,50% Memory free
8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 78,92 Gb Free Space | 13,24% Space Free | Partition Type: NTFS
Drive D: | 3,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PRIVAT-PC | User Name: Privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.13 11:11:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
PRC - [2013.05.02 12:00:56 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 07:22:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 07:22:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.25 09:56:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.02.23 22:24:55 | 000,107,520 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013.02.11 09:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
PRC - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.13 15:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.06.18 17:27:10 | 000,018,432 | ---- | M] () -- C:\Users\Privat\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
PRC - [2009.05.12 03:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 15:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.03 21:22:15 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.04.23 22:36:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.28 07:22:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 07:22:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.25 09:56:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.23 22:24:55 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Privat\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013.02.11 09:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.31 02:08:07 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.18 17:27:10 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Privat\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe -- (ColorZillaStatsUpdater)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.12 03:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2009.04.29 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 10:22:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.04.04 10:22:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.03.28 07:22:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 07:22:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 07:22:17 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.24 20:43:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:54:29 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2011.01.15 17:54:19 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2011.01.15 17:53:25 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2011.01.15 17:53:25 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2011.01.15 17:53:25 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2011.01.15 17:53:25 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2011.01.15 17:53:24 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2011.01.15 17:53:23 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009.06.30 05:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.06.30 05:01:40 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2009.06.30 04:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 03:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.06.19 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010.01.29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7D52BAA1-E516-4514-AE58-47EDF5FB8660}: "URL" = ${SEARCH_URL}{searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?l=1&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7D52BAA1-E516-4514-AE58-47EDF5FB8660}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=5095911a000000000000000000000000
IE - HKCU\..\SearchScopes\{55C80965-BCCA-45FB-BD86-C4FB241CE7A5}: "URL" = hxxp://www.mysearchresults.com/search?&c=4003&t=10&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{7D52BAA1-E516-4514-AE58-47EDF5FB8660}: "URL" = hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1&q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?l=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{DD7D9723-DEE0-4399-8992-78E8AEA158DD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=659
IE - HKCU\..\SearchScopes\{EFB96639-CCA0-4814-8CA2-E3661D539BD7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://utilu.com/"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Privat\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Privat\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Privat\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
 
[2013.05.04 16:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions
[2010.07.21 10:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.21 10:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010.06.30 08:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013.02.27 00:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\dltyhoh6.default\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\dltyhoh6.default\extensions\staged
[2012.07.08 01:49:57 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\dltyhoh6.default\extensions\stats@colorzilla.com
[2013.02.27 00:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\gq83s5rl.Mozilla_Firefox_3.0\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\gq83s5rl.Mozilla_Firefox_3.0\extensions\staged
[2013.02.27 00:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\qkmk5rxg.Mozilla_Firefox_3.6\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\qkmk5rxg.Mozilla_Firefox_3.6\extensions\staged
[2013.02.27 00:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\x5oa6i22.Mozilla_Firefox_3.5\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\x5oa6i22.Mozilla_Firefox_3.5\extensions\staged
[2013.02.27 00:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\xsie5w90.Mozilla_Firefox_2.0\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\xsie5w90.Mozilla_Firefox_2.0\extensions\staged
[2010.07.21 10:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\SeaMonkey\Profiles\vjuyo9wf.default\extensions
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\dltyhoh6.default\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\gq83s5rl.Mozilla_Firefox_3.0\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\qkmk5rxg.Mozilla_Firefox_3.6\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\x5oa6i22.Mozilla_Firefox_3.5\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\xsie5w90.Mozilla_Firefox_2.0\extensions\staged\addon@defaulttab.com.xpi
[2013.05.04 16:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.26 15:46:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.26 15:46:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.26 15:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2013.02.14 00:20:40 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Privitize VPN (Enabled)
CHR - default_search_provider: search_url = hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Privat\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Codec-C = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg\1.0_0\
CHR - Extension: Movie2kDownloader = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: MagniPic = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cafkkmpdpdoioeaodfinejoecgdadkpm\1\
CHR - Extension: Adblock Plus = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: ColorZillaStats = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\
CHR - Extension: Google-Suche = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: KeyDownload = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eodkncoddaagiibpdlfepebiggiijkbe\1.0_2\
CHR - Extension: DefaultTab = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
CHR - Extension: Codecv = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjoiiopoahhgcmddgogbanmjhpbfiaf\1.0_0\
CHR - Extension: Google Mail = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.02.13 01:54:36 | 000,444,830 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15276 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (ColorZillaStats) - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Users\Privat\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Privat\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (KeyDownload Class) - {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\KeyDownload-Addon\KeyDownload.dll (KeyDownload)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{300E1AF9-F5B3-482B-9323-94B4E4338542}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54182E56-6C71-4EA6-873C-93917D8985DB}: NameServer = 193.189.250.101 193.189.250.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.25 16:57:10 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d46b9dc7-46ab-11e1-a832-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d46b9dc7-46ab-11e1-a832-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2012.10.25 16:57:12 | 000,350,032 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.13 11:11:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2013.05.07 13:44:21 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Dead End Tragedy - Panic Overdose (2011)
[2013.05.04 13:08:46 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Warframe
[2013.05.04 12:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.04 12:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.04 12:03:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.05.02 12:01:24 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.01 18:06:23 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Arma 3 Alpha Lite - Other Profiles
[2013.05.01 18:03:40 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Arma 3 Alpha Lite
[2013.05.01 18:03:40 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Arma 3 Alpha Lite
[2013.05.01 11:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive
[2013.04.26 11:34:41 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Riptide
[2013.04.24 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Dead ISSSLAND
[2013.04.19 08:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.16 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Bus Simulator 2012
[2013.04.16 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Bus Simulator 2012
[2013.04.16 11:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012
[2013.04.16 11:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\astragon
[2013.04.14 10:58:43 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\My Cheat Tables
[2013.04.14 10:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013.04.14 10:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013.04.14 10:39:05 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\euro truck simulator 2 sicherung
[2013.04.14 02:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2013.04.14 02:29:51 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll
[2013.04.14 02:29:51 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx
[2013.04.14 02:29:51 | 000,028,672 | ---- | C] (-) -- C:\Windows\SysWow64\mousewheel.ocx
[2013.04.14 02:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.13 11:16:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-67096316-813246170-885154299-1001UA.job
[2013.05.13 11:15:01 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013.05.13 11:11:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2013.05.13 11:08:52 | 000,000,168 | ---- | M] () -- C:\Users\Privat\defogger_reenable
[2013.05.13 11:07:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 11:07:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 11:07:30 | 000,050,477 | ---- | M] () -- C:\Users\Privat\Desktop\Defogger.exe
[2013.05.13 11:04:52 | 002,496,698 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.13 11:04:52 | 000,732,760 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.05.13 11:04:52 | 000,694,460 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.13 11:04:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.13 11:04:52 | 000,151,592 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.05.13 11:04:52 | 000,147,584 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.13 11:04:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.13 10:59:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.13 03:16:26 | 002,740,298 | ---- | M] () -- C:\Users\Privat\Desktop\Smoke M - Kreislauf des Lebens.mp3
[2013.05.13 02:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 01:44:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-67096316-813246170-885154299-1001UA.job
[2013.05.12 13:44:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-67096316-813246170-885154299-1001Core.job
[2013.05.12 09:16:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-67096316-813246170-885154299-1001Core.job
[2013.05.06 09:32:48 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.06 09:32:48 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.06 09:32:27 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.04 12:52:38 | 000,000,222 | ---- | M] () -- C:\Users\Privat\Desktop\Warframe.url
[2013.05.02 12:01:09 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.04.30 02:54:56 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 02:54:56 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.29 20:43:15 | 000,001,408 | ---- | M] () -- C:\Users\Privat\Desktop\DayZ Commander.lnk
[2013.04.26 11:29:21 | 000,000,222 | ---- | M] () -- C:\Users\Privat\Desktop\Dead Island Riptide.url
[2013.04.16 11:40:41 | 000,001,417 | ---- | M] () -- C:\Users\Privat\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2013.04.14 10:51:09 | 000,001,081 | ---- | M] () -- C:\Users\Privat\Desktop\Cheat Engine.lnk
[2013.04.14 02:29:54 | 000,001,910 | ---- | M] () -- C:\Users\Privat\Desktop\DVD Flick.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.13 11:08:52 | 000,000,168 | ---- | C] () -- C:\Users\Privat\defogger_reenable
[2013.05.13 11:07:28 | 000,050,477 | ---- | C] () -- C:\Users\Privat\Desktop\Defogger.exe
[2013.05.13 03:16:26 | 002,740,298 | ---- | C] () -- C:\Users\Privat\Desktop\Smoke M - Kreislauf des Lebens.mp3
[2013.05.04 12:52:38 | 000,000,222 | ---- | C] () -- C:\Users\Privat\Desktop\Warframe.url
[2013.04.30 02:54:56 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 02:54:56 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.29 20:43:15 | 000,001,408 | ---- | C] () -- C:\Users\Privat\Desktop\DayZ Commander.lnk
[2013.04.26 11:29:20 | 000,000,222 | ---- | C] () -- C:\Users\Privat\Desktop\Dead Island Riptide.url
[2013.04.16 11:40:41 | 000,001,417 | ---- | C] () -- C:\Users\Privat\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2013.04.14 10:51:09 | 000,001,081 | ---- | C] () -- C:\Users\Privat\Desktop\Cheat Engine.lnk
[2013.04.14 02:29:54 | 000,001,910 | ---- | C] () -- C:\Users\Privat\Desktop\DVD Flick.lnk
[2013.04.11 13:12:54 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\sonicismdsp.dll
[2013.02.23 22:24:59 | 000,000,932 | RHS- | C] () -- C:\Users\Privat\ntuser.pol
[2012.12.19 20:35:27 | 000,001,262 | ---- | C] () -- C:\Windows\wininit.ini
[2012.04.20 20:54:29 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll
[2012.03.15 20:29:05 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.02.07 10:53:05 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.01.28 09:00:28 | 002,451,972 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.27 04:00:50 | 000,001,472 | ---- | C] () -- C:\Users\Privat\AppData\Local\RecConfig.xml
[2012.01.25 00:58:37 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2012.01.24 22:07:24 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.24 22:07:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.24 22:07:21 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011.01.15 17:54:10 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.06 07:32:20 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Amazon
[2012.01.24 19:01:08 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\AnvSoft
[2012.09.30 03:31:17 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Audacity
[2013.05.04 16:56:59 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\DAEMON Tools Lite
[2013.03.27 21:57:33 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\DarknessII
[2012.11.03 12:59:45 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Day 1 Studios
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\DefaultTab
[2012.01.24 19:14:30 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Dream Aquarium
[2012.02.08 22:20:52 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Foxit Software
[2013.01.27 12:50:37 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\ICQ
[2012.06.20 07:46:25 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\ICQ Search
[2012.05.12 18:21:32 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Leadertech
[2012.08.22 12:06:46 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Lionhead Studios
[2013.02.27 00:01:45 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Nico Mak Computing
[2012.10.08 15:55:23 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Notepad++
[2012.01.28 13:34:57 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Opera
[2013.03.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Origin
[2013.03.06 12:47:19 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Play withSIX
[2012.09.14 11:14:07 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\PunkBuster
[2012.01.24 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Rovio
[2012.08.28 02:39:34 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Screaming Bee
[2012.10.08 08:17:41 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\six-zsync
[2012.03.18 11:10:14 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\SMSSender
[2012.03.05 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Steinberg
[2012.02.05 23:32:03 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\streamripper
[2012.10.18 09:21:59 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\The Creative Assembly
[2010.12.09 22:59:31 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Thunderbird
[2013.02.24 02:10:24 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\TS3Client
[2013.04.04 10:25:16 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Ubisoft
[2013.03.06 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\uTorrent
[2012.03.05 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\VST3 Presets
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.02.24 00:36:59 | 000,000,000 | ---D | M](C:\Users\Privat\Documents\Sniper.Elite.V2.&.DLCs.MULTi2-R.G.????????) -- C:\Users\Privat\Documents\Sniper.Elite.V2.&.DLCs.MULTi2-R.G.Игроманы
[2013.02.23 23:35:28 | 000,000,000 | ---D | C](C:\Users\Privat\Documents\Sniper.Elite.V2.&.DLCs.MULTi2-R.G.????????) -- C:\Users\Privat\Documents\Sniper.Elite.V2.&.DLCs.MULTi2-R.G.Игроманы

< End of report >
         

Alt 13.05.2013, 11:07   #4
kaen666
 

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.05.2013 11:12:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Privat\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,50% Memory free
8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 78,92 Gb Free Space | 13,24% Space Free | Partition Type: NTFS
Drive D: | 3,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PRIVAT-PC | User Name: Privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05781B98-A0ED-446B-B4B0-CBC8CFE53956}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{0762A77F-4D94-42F8-8FBB-BD55E1AF4E0F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{07FB1F25-701C-4A23-8F36-49406AB375CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{15E5FCDA-7DD8-439E-9B3E-40103BD914EE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{360BF304-F84E-4388-9E6F-BB39F2B73506}" = rport=445 | protocol=6 | dir=out | app=system | 
"{39ABE051-373A-42F1-87A6-C6BA62433B0C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3A76D769-89AE-4734-8DAE-08689212B2FF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{3C2A3FAC-F3A3-4BEE-AABA-F5AE1E30E284}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3FBE16B1-B563-44AC-B913-7D645186A792}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4686BC82-C574-4CBE-BF2E-F03BE494725D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5254EEE0-52D7-47C1-A257-423C10CF4757}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{59442457-871B-482B-9F6D-3BE17FFE0AD5}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{5E2CA543-C3E4-4499-86DD-9C68E420DB03}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{669E1349-A467-4202-AA8F-DFF2D48DCC4B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6E6CFD7F-9B5B-4092-BB74-77824A11FD87}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8864CA68-3188-41EE-94B0-211927DEF416}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{98D0A63C-2559-404A-B61B-79DAC4955AEC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ADFE0E44-2484-415F-B490-539D55E121CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AE1CB119-8046-4C34-80C1-BF41F46D0C9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B5B52B3C-013F-423D-BAC9-D83B34A52E14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC1E417F-822E-43C0-9116-3F1769B950AF}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{BEB7DF93-8D50-4559-83D2-ED6EC7192EE8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C5426474-90D7-47E2-BBBE-B4F8DC13FFED}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DCA181F4-62D6-49C4-ADDA-FF4120C0C052}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EC399F17-1383-4439-854D-8220D9E4438E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F285F1E4-B9E0-4A9A-9B0D-75568257D9EB}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E8DCD5-7F73-490F-9342-B2B0192CEAC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0281BCF2-860D-4CB3-BDBF-BC7CCF8AE031}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{02AF5877-8E1C-4096-A348-6AEBCD1A4841}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moshzirkus\synergy\hl2.exe | 
"{02B8547A-B7A3-48CB-A60D-9AAA7CCF0947}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{02BC9851-20AA-4659-902E-7D71C0EF2821}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{06769722-4E23-4A40-9560-48744527424D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{085088F9-A395-4DF0-B793-77BB9515B323}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{09341779-2773-4854-A139-55F0F43110F0}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | 
"{0994E21A-197A-4DC5-A4B5-B4BFD86D1E19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{0C58D9F1-5276-40EC-9A3B-5FB4A18474E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage64.exe | 
"{0CEBD14B-C43F-435F-83AA-45F9BF0E2405}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{0CF7F688-3679-4991-87E3-C05ED965A707}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkness ii\darknessii.exe | 
"{0FDC7C81-52EB-455A-BE8D-EE04A99C693F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{11C6AE3B-0C57-4DA1-B3D2-0D03573E1E43}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{11FB494D-96F5-4087-99F8-90E0B59C5BE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{13BD8D13-ABF5-4184-BC29-684BCF2C4532}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{1402A2EF-AF13-4403-A9EB-BA53CE3E580B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{15174DE7-EB0D-4930-AF8C-E2232D18AD81}" = protocol=17 | dir=in | app=c:\users\privat\desktop\dead isssland\dead island\deadislandgame.exe | 
"{153008B6-F17B-40B4-9F18-F8BBB937A625}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{1705A554-8865-493C-8699-2524AEE8A39B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{1744E3A2-6BB7-4E37-8772-0A4FDD14C21C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | 
"{1AEF2C8C-4897-4DBC-8BF7-97A240C42951}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{1B56ADC8-29CF-4B3B-83E0-DC99C30D32E9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{1B738579-BD20-424F-BF2A-D6F5E02D387C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{1C45FD0B-63D8-4372-91F9-C69D7E31B001}" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"{1C515C3C-B2F3-47C9-9258-8601A68207F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{1C6AFAF0-54D8-4D2F-B4A3-ACEDBE73890C}" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"{1CD7778E-7143-425D-889C-B0B4CB75095B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{1D8DBEF9-6D24-430B-8F8F-6EDA36FB30FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{1DE6C07E-48F0-4176-9192-CC72844DD99E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\origin.exe | 
"{1E282D9C-4E98-47D2-A3BE-67F8AF40491D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkness ii\darknessii.exe | 
"{1E553027-17E6-48D4-8E20-A4D497ECC45E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{1E6CBBF0-D3F4-4308-A718-8F4BE21D93A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe | 
"{1EBB22FD-7942-4BF2-A717-F086F34C37E0}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{224F605E-8A43-4C65-B765-0E634FB4DE4E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{227855B2-9355-46D9-9CE4-E6066E7A9269}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{22F448BB-11A3-4D71-BCD0-276615844171}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{232FBFD3-B389-4180-BF15-451A518339AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{25964DDE-E7B9-4D93-9D09-CACB45B3E01F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{272F16A5-0DEB-4D36-84B2-6F86D3C67E60}" = protocol=6 | dir=in | app=c:\users\privat\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"{27431CE5-D05C-47A2-BD77-65F2925EA32F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe | 
"{2ADA7987-418C-4569-99EC-CA9B2D7FE465}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{2B4FA79F-11EF-49FC-8F5C-B990617DEB90}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{2BE045CE-BDCC-422D-B386-8BF62675801D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{2E0761B1-87EF-4700-A0A8-756B3AC5DA5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe | 
"{2E75D68C-06C0-4666-99E3-C442EE57498F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moshzirkus\synergy\hl2.exe | 
"{2F591D8B-4BBA-45E4-A4C5-133A5B622D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe | 
"{32CB225F-6095-4005-BF5C-2E5EC1954789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{331613DD-D8D5-4C03-B9B1-DF53E492B1CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{3582B389-CA22-4961-9F09-89BF8B4E43E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{365F7798-617E-4E90-B044-05BA987605CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{3661AA74-EAF7-473B-BC0A-60179759BA9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{3803166B-0DFB-4ABB-A036-886747981934}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{3910DA25-622E-4654-A4DE-F3768365A1E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3BE814B1-E733-479E-931B-28E3F4F2E617}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{3D88E684-DFAA-4795-A797-1C6588F093DB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{3E88056D-50B4-4724-B1AC-BB10B39D59DA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{3F32FC4A-3450-4C83-BC98-4CEB3E5B1A46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{3FFEEA4E-7ED7-49CD-9889-E6F4BEA45C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{404454C6-C0D8-48AC-B67D-AAA43A41B710}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4106D843-9B24-4051-9852-E85F13BA4971}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{41137896-DD51-4C7C-A8CD-D8125C045AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | 
"{416DEBB8-AE31-47CC-B578-1F2C928FFED0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{437C24A7-5573-4791-95C5-A7B59FFB99ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{439E3A68-784F-4325-AD10-EB792963365F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{45300E9C-0BF8-46D4-94B2-DC60452A8156}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{461B9802-3F34-4973-8172-BABA6EA2F259}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{46DE38C2-F3E8-4A8D-A9C2-36500BF09095}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{4794A25F-7BE4-473C-954D-3836DFCD486F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{48293B8E-7AC1-4293-B2CC-A67C93B4F6A7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{49AFA9F6-0F01-47A2-887B-A9D06DB33FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe | 
"{49FF7CAE-5D16-41A9-A23F-8BF26FA14745}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{4A76EE41-A62E-4E0A-9797-7F35D56C9455}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{4BCCF1A6-FBAE-4723-9559-EF1133FB3A63}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{4BE17E94-80E9-4B9F-A254-8F07FB0C22B6}" = protocol=6 | dir=in | app=c:\users\privat\desktop\dead isssland\dead island\deadislandgame.exe | 
"{4C42F876-BE84-4AC8-B19E-77B9437C3ECD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{4DFDD16B-EBEA-4D08-B12E-E97C5F4E2428}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{4EE2EE42-3788-4571-A235-FD1407EC3506}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4F8F868F-072F-45BA-B8BD-62F40B2D1357}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{503E4F1E-2F44-4BCF-A91D-E581395F9C3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moshzirkus\synergy\hl2.exe | 
"{55165453-96F3-4BB2-B741-7A7AE05BDF00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{5548E6BA-59B8-42A4-87E5-5C745B2D5E60}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{55B33A0C-ED09-47C3-A234-8AF2C98CF95B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{567AE1B0-5CA2-48F4-BD11-067B50BBD3E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{58D68C2B-10D3-47F6-84F6-8DE2B121F790}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5B9FF637-3A43-4331-9594-9C8D3E59E19C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{5BA090ED-077B-4319-B9C7-1B7C52D2AE43}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{5C0AE084-351E-4E92-957B-A355E238ABB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{5C1D20F2-78F2-441B-87CB-DDC332B49E3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C63AF3C-1885-4C9A-92B1-C5CBDAD59659}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{5E574318-A4FE-480E-AA5C-210625B88C72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{5EBADC68-A3D0-40B5-AF44-A45898D1EE6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{608A43A3-4DCC-4D6F-9177-274CB67967F3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{610CE56C-C8BB-4324-8381-8F6C591B2264}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{6140F5F6-4BA1-40C6-9B82-6BFD6E5FF2A4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{61BBBA36-1A56-4161-87AB-514743F2C6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{6238A898-B8C9-4D55-9DBD-3E88D1AF3189}" = protocol=17 | dir=in | app=c:\users\privat\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"{62E02E41-1E79-44DB-A372-0B58C448FD1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | 
"{655BF943-5BD1-4F16-B6DF-6255807260E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{65B8C8B4-10FE-4610-8160-DE8BC8C72616}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{65DF2819-5FD2-4C0E-B301-F145597DE4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{6670AD42-E1AA-434E-AF54-F1491453C8C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{66B7DCB7-3DC9-4424-8FF2-B78416943DEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{6770E5A5-6AAA-4217-A826-1D058882A9BC}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | 
"{67DA8E9D-1B92-4746-B93D-20C63E806FA5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{67DE8D8D-6B64-4E98-AA00-273EE2F54D54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{681FBB43-94F2-4589-98A7-04CD96AC424E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{68F10098-C8CD-4A2C-A8CE-16FB89B68BF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe | 
"{68FA9B66-4C83-4D1D-8B3A-C28518502EB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{690B0DEC-7252-422D-89DF-8155A7152894}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{69FBCC89-916E-4475-884A-944AD324E137}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{6AAFA6B7-EF09-45A1-A9C3-0545FFE240E0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6D602232-9518-4FD4-8EE1-8EE1A6D6CE0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{6E83C495-2970-4B46-A796-EE06DF8BF514}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\benchmark.exe | 
"{6EF9DCFB-D987-4065-A400-2E94F4CE9CCC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7047CB56-0387-49F4-BB22-BE7C6C054E27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{706010EA-3614-4EEC-A488-27B757747926}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{7064D90D-1297-4E88-B703-5AC95B88431B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{7096A3CD-343A-4D2A-B98F-9A7479399DE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage64.exe | 
"{7184CC63-22A0-4A62-86B7-794A825F7D2E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\benchmark.exe | 
"{71E37684-8698-4E41-9F82-83E1757AD50B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{73C784FF-C286-4804-8BCE-19C2CF0110C6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{73D08999-98AC-4D8E-BEAE-26A532F2B77B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{75E9CD40-9E4A-4BA1-924F-77C684BE35A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{760D4556-9623-4854-9D63-2BC1A73A9D4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{78CD48CE-9D41-4D4A-AC4F-3F8B10005F91}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{799CFF11-E8DC-4955-B7FC-2FB0BDAAE698}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{7B20D2FA-11B7-4E7B-AEDA-EEF3BCDC0FF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BD49DAB-AAAD-4B8D-80D2-FABD712EFE5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{7F0B8F24-8753-46CD-9BFC-1F00C38C5F4A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7FEC5C20-1DB3-4CCB-B918-191502DDF539}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moshzirkus\synergy\hl2.exe | 
"{80611281-9271-4313-A053-92BB6149E911}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{81CD6381-A163-454F-8470-F2A63EFA7CF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{86E30F85-2362-478D-A09A-D824942D3D88}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{876ED209-534D-4170-874D-0E396187D6A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{88D186A4-E600-4CC6-8F02-C1594D642B15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe | 
"{89B8A8D0-AA93-4359-A4E0-664E794C4A4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{8AF70338-08E2-4785-9B68-BE7E476D18C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe | 
"{8F984CBF-AACC-4AA0-AF1D-136869E6B29A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{8F9A1B5B-7330-452E-9998-12D2D2F1F3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{90D2D895-5E40-43BF-93BF-7398E8B8B639}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{917E5998-9E84-43F8-8DB6-45A39012BE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{922F5070-0AE5-486F-A9CC-C2EF5B50FC3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe | 
"{923E3303-5511-41F9-B587-3BB25E1B15B2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{92D43DE5-0B4A-4AB7-9353-E1BE980DDF8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{92D76274-D18C-407F-BB52-308AF5CB52F9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{9330C9A2-1159-48E0-8A97-FC6D5D08A1EE}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | 
"{945DD8B4-A555-4880-A22D-9A83C39DD5B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{94C2DF2A-2654-424E-9D28-DA393E04F245}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\origin.exe | 
"{951757E0-349E-43ED-904C-C82455556CDA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{953545FC-0500-4C8B-928C-1101D93FB3B0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{97FA31BA-A53D-41D6-B311-9FCEB3F81D8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{98194B60-3189-4F3C-BDA5-D8D1322C1D21}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{98A8A8FB-0FAB-4A79-9A2A-78D7DECAC169}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe | 
"{9B0FFB68-0250-4176-B941-B3CC2C4F928E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{9C0DAC71-28D6-44CF-AFE7-A03AFEC67071}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{9C1C1F37-4768-44E2-8A29-5C68E15498AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9FBFFD3F-7375-424B-9053-4D04ADBF78C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe | 
"{A04A85C0-09AB-4D1D-8455-F4E7C3B7B374}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{A1C96A3D-133A-4FE6-B0C9-668F93BD573A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{A2F7F798-DA66-4949-944D-51448E5B6EB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{A30A9629-5C75-49CE-BF3E-61E92EE42854}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{A3E7719E-905C-4DB1-A780-D8002B3785D5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A50BA73F-4AC9-4E31-8ACE-484CA5158A61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A54D425D-2A42-4358-A5D2-9A2BCE50E088}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{A6197A7F-8048-41A4-BA64-068F14985BBA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A67E52FB-FD95-4368-A391-91427F779516}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{A7ECEC22-92FB-46AA-88C1-120545F70ECE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{AAA77150-E389-4BB5-845B-2F2A3C11B425}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB662F3D-4C0C-4CA6-8F2C-A88D70B196EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe | 
"{AC0E2454-20F0-4156-9E88-85A163D09405}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{AD88886A-A24E-4772-9B14-5E718DAE82C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{AE815586-8DA3-4653-81ED-C97EC1948F7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{AFFE915B-4E6E-484C-AEA6-22B132BE3793}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B2036821-909E-480C-894E-FB2B21E13790}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B253A27A-7CAD-4B48-AECE-8F8E13507CE7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{B3504A0F-0BD7-4F57-A1FD-DFB38DE3A13B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{B4EFDDF6-17EC-4C48-AB01-B5E4A576E5FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm | 
"{B4F07D97-89AD-4C14-AF44-6CD3F73CD3C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{B9C74FE4-4438-44F3-995C-2EAB195E2EFC}" = protocol=6 | dir=out | app=system | 
"{BD4BF9D9-A9E4-411C-9A61-76EFF2A34802}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{BEC193C7-1592-4FC6-A435-4FB7AC24F619}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{BEC3FE7E-C755-4AFB-AFAE-39C59F1BDC0E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{BEE84858-AC8D-49CD-9990-AE3A109EA53B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{BF625C0E-9E53-4931-9F51-5D3ABD3229FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{C0C043C1-BAC2-4808-B694-1088569C9BF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{C0DEC82E-24D1-43A6-8E00-DF33B83BB714}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{C21FA82C-08C7-4D57-AAD0-2B8B1ED18384}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{C374C150-A697-411A-9964-8CC3FC1ABC27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{C46D3975-56B8-43D5-A503-A637271850BA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{C50F63D4-F60F-4AB2-8C37-62F937074273}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{C60409C4-619F-49A9-B587-8CFE69813DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{C66ABE0B-A8AD-44B6-B06D-36E103FD2851}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{C9F84BBF-1023-49D2-A1AA-724D342411EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{CCE5CB88-13CB-40A7-AE87-30D885645FD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{D23C044F-7ACA-4323-8309-A38AF0278604}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{D2B3CEF8-1F48-4233-9323-97B8E35ACAF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{D370BCBD-5AD5-4A72-AB3F-2BF4DA2F0FA3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{D3A22CFC-5616-4F61-9847-B1C6A1CDEDD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{D49461F8-0770-4431-AF06-BFAE6DEDC659}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{D7EB3E33-72A6-4400-A288-578BE2B39414}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{D901B7BF-5A62-4B3A-A410-95C1162C68C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{D9A8A94A-6837-4BFC-B2D1-6EFF243FD2BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{D9BA194D-7E1F-4A64-B79E-44B9AA4658AE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{DB33E8DD-8AE1-48D0-AA46-0D177A59EAEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{DB4A641A-09C1-480B-8C6F-DCE615BF993A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DB4AC09E-6A79-4917-A1F9-685100BEE231}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{DCD9EAEF-CF4E-4295-8456-5309FBFC8381}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | 
"{DD1A9966-1FC9-4D0F-A87B-694A016537E3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{E2FD413B-1440-4BDD-AAC1-EE47BC1226C7}" = protocol=58 | dir=in | app=system | 
"{E45521FD-F50C-4B11-98F3-169977CA7524}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{E72FC099-9858-4C15-BDBD-1F950BCED6FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm | 
"{E7778F8F-F3DE-41FC-BFBE-15AB0FABE134}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E856C4C6-3746-4044-AB91-74E1489B3176}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{E8DF84E9-1D08-4F06-8AE1-C3261AE10B5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{E9496129-B2C6-4053-8009-2ED9E229232E}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | 
"{EC793807-6A36-4DB6-BED3-2147EE6C35FE}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{ED6666F2-FE02-4CB4-AA2C-93E641B3D319}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{ED8834F9-284D-4CD1-9344-D05927819D13}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EE8C91E7-56AF-46E0-A4EE-B68206060148}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{EE94EF07-3B20-49B1-975B-D2626706CC80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{EF435135-3600-49A9-B04A-535088031BA5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F056C45C-45ED-43CC-A031-5A76F9C15CF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{F36051C2-9D71-48B3-8AA0-70D19DDD2B4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{F392CD88-BE2A-4AE2-9C08-11D52EDA679D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{F5E16431-5C3E-4240-9C71-6D8F53FF7BFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F85A20A4-DA04-4CDD-906D-593F59692CFD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{F875B284-BD4F-4E0B-AD41-CD2D9B801FA3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{F8A80BDF-A32F-4E0D-A121-9AF8F7A5CA0A}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{F934C91F-0C0B-4484-BE39-803242384F80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{F963B87B-B398-4BBB-87D8-8E5512278BD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{F9C730AD-375C-4944-A88D-FC38B84E0784}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{F9FCFCE6-F203-4990-BB78-3666AF3A4BC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FBB28951-0F7D-41DA-A227-950530BB2D61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{FCA753C9-6745-4618-A46A-52F309FB09BE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FD3D319F-7606-4BDE-A27E-CC4D03CBAD08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{FDEF403D-C2B4-45AC-81B8-427707A76B26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{FFD6AE39-941C-40F9-ACA5-504CF9DC610E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{065D78EF-BA17-4C6B-AAA5-D239CF0B0E7D}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"TCP Query User{233D622B-E03F-4A37-BC6F-4870144D60F9}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"TCP Query User{4795DD2F-1F31-40EC-B30C-659078DFDD7E}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{6BF218A4-D2DB-48D3-B0D8-5158910DE6BA}C:\users\privat\desktop\dead isssland\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\users\privat\desktop\dead isssland\dead island\deadislandgame.exe | 
"TCP Query User{72DAD974-723B-4D8D-A980-1A8370A22E51}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{A3499410-0F75-47B5-BE61-4EDD15E4F66C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{A5C27386-E34A-411E-8FE7-0B69AE427631}C:\users\privat\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\privat\documents\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{DFBF7B16-51D3-474E-BDDB-05FDBF3859D2}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe | 
"TCP Query User{DFE46E54-810A-4EC9-BA2E-956F0DC097A8}C:\users\privat\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=6 | dir=in | app=c:\users\privat\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"TCP Query User{EA6CD96D-84DC-43FC-8BA2-2484D60214D1}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{02448649-4F14-4597-A4A6-F8239B800BC2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{4970FAEE-8794-4080-8877-1F6C6A5481D1}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{6123844A-F20D-4980-BEB1-423F5D035C56}C:\users\privat\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\privat\documents\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{6A8F15EF-8FB3-437C-8668-E1E7F2A6A800}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{8C35E331-F97C-4973-BB12-17E8F6979445}C:\users\privat\desktop\dead isssland\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\users\privat\desktop\dead isssland\dead island\deadislandgame.exe | 
"UDP Query User{AA537B31-3DD3-4BAB-9084-BF16E95B79A7}C:\users\privat\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=17 | dir=in | app=c:\users\privat\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"UDP Query User{B5A67C41-0BC8-4AE9-ABE9-1B9BCDAB1631}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{C6379902-244F-4E96-94F5-3BC9A38CFE16}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{EF07C867-2CE1-4B13-8EE8-35C52EB0A6D8}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{F29BCF34-0510-4F17-AC92-BE423336E265}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"HyperCam 2" = HyperCam 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1346072B-7D7F-49FA-A435-675C311130CA}" = aerosoft's - ICE1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35E93AC6-D7E0-4F32-BEF3-FFBA011B0861}" = xDark™ Foxit Reader
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft SMS Sender
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C37DA51B-6B40-418C-BF7B-0E8DF8E80608}" = Anno 1404
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = xDark™ Chrome 8.0.555.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DED994FF-D39B-4937-9DB9-87EC4E91B316}" = USB RACING WHEEL
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E26BD696-7CB8-46F1-A2FE-86814CEF40AA}" = DayZ Commander
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = HDVidCodec
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS4" = Adobe Photoshop CS4
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Any Audio Converter_is1" = Any Audio Converter 3.0.7
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.7
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Bus-Simulator 2012_is1" = Bus-Simulator 2012
"Call of Duty - Modern Warfare 2_is1" = Call of Duty - Modern Warfare 2 v1.0 Rus
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Collab" = Collab
"DAEMON Tools Lite" = DAEMON Tools Lite
"DefaultTab" = DefaultTab
"Diablo III" = Diablo III
"Dream Aquarium" = Dream Aquarium 1.234
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 8" = FL Studio 8
"FLUX Spring Pack Bundle_is1" = FLUX Spring Pack Bundle v1.0.4.14
"Fraps" = Fraps (remove only)
"Guild Wars 2" = Guild Wars 2
"IL Download Manager" = IL Download Manager
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KeyDownload" = KeyDownload
"LogMeIn Hamachi" = LogMeIn Hamachi
"Lord of the Rings - War in the North_is1" = Lord of the Rings - War in the North
"LUXONIX Ravity S VSTi v1.4.3" = LUXONIX Ravity S VSTi v1.4.3
"N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"No23 Recorder" = No23 Recorder
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.61.1250" = Opera 11.61
"Origin" = Origin
"PoiZone" = PoiZone
"Polipo" = Polipo 1.0.4.1
"Predator_is1" = Rob Papen Predator V1.01b release
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Steam App 105400" = Fable III
"Steam App 107410" = Arma 3 Alpha
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 110800" = L.A. Noire
"Steam App 12210" = Grand Theft Auto IV
"Steam App 17450" = Dragon Age: Origins
"Steam App 205100" = Dishonored
"Steam App 21100" = F.E.A.R. 3
"Steam App 216250" = Dead Island Riptide
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 22380" = Fallout: New Vegas
"Steam App 227300" = Euro Truck Simulator 2
"Steam App 230410" = Warframe
"Steam App 24010" = Train Simulator 2013
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 34030" = Napoleon: Total War
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 4760" = Rome: Total War
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 67370" = The Darkness II
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 9200" = RAGE
"Steam App 9480" = Saints Row 2
"Steinberg Hypersonic v1.0" = Steinberg Hypersonic v1.0
"Streamripper" = Streamripper (Remove only)
"Tor" = Tor 0.2.3.1-alpha
"Toxic Biohazard" = Toxic Biohazard
"UltraISO_is1" = UltraISO Premium V9.36
"Vidalia" = Vidalia 0.3.0
"Vintage Vocoder 1.03 Build 1" = Vintage Vocoder 1.03 Build 1
"VLC media player" = VLC media player 1.1.11
"Voxengo Analogflux Suite VST v1.0" = Voxengo Analogflux Suite VST v1.0
"Voxengo Crunchessor VST 1.4" = Voxengo Crunchessor VST 1.4
"Voxengo CurveEQ VST" = Voxengo CurveEQ VST 2.0d
"Voxengo Deconvolver" = Voxengo Deconvolver 1.8
"Voxengo Elephant VST v2.2" = Voxengo Elephant VST v2.2
"Voxengo GlissEQ VST 2.4" = Voxengo GlissEQ VST 2.4
"Voxengo Impulse Modeler v1.7" = Voxengo Impulse Modeler v1.7
"Voxengo Lampthruster VST v2.1" = Voxengo Lampthruster VST v2.1
"Voxengo MarvelEQ VST v1.0" = Voxengo MarvelEQ VST v1.0
"Voxengo PHA-979 VST v1.2" = Voxengo PHA-979 VST v1.2
"Voxengo Polysquasher v1.4" = Voxengo Polysquasher v1.4
"Voxengo Prestine Space VST v1.3" = Voxengo Prestine Space VST v1.3
"Voxengo Pristine Space VST v1.0" = Voxengo Pristine Space VST v1.0
"Voxengo Redunoise VST" = Voxengo Redunoise VST 1.3
"Voxengo Soniformer VST v2.3" = Voxengo Soniformer VST v2.3
"Voxengo Transmodder VST v1.0" = Voxengo Transmodder VST v1.0
"Voxengo Voxformer VST" = Voxengo Voxformer VST 1.4
"Voxengo Warmifier VST v1.4" = Voxengo Warmifier VST v1.4
"Voxengo_RenderXM_1.8" = RenderXM 1.8
"Voxengo_Sonic_Finalizer_1.2a" = Sonic Finalizer VST 1.2a
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Winstep Xtreme_is1" = Nexus 10.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.05.2013 04:11:32 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x678  Startzeit der fehlerhaften Anwendung: 0x01ce49681e972760
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 65313800-b55b-11e2-a5a3-002185c11be1
 
Error - 05.05.2013 06:40:52 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x688  Startzeit der fehlerhaften Anwendung: 0x01ce497cfa9c7120
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 41bcc8c0-b570-11e2-a09d-002185c11be1
 
Error - 06.05.2013 03:06:02 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x67c  Startzeit der fehlerhaften Anwendung: 0x01ce4a2821158200
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 691d7a80-b61b-11e2-ab30-002185c11be1
 
Error - 07.05.2013 05:58:28 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x694  Startzeit der fehlerhaften Anwendung: 0x01ce4b0963223c60
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 a9eb05f0-b6fc-11e2-a302-002185c11be1
 
Error - 08.05.2013 01:40:23 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x674  Startzeit der fehlerhaften Anwendung: 0x01ce4bae7fb1a3c0
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 c6c495b0-b7a1-11e2-acd1-002185c11be1
 
Error - 09.05.2013 03:35:16 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x690  Startzeit der fehlerhaften Anwendung: 0x01ce4c87b6c24520
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 fd9094c0-b87a-11e2-af37-002185c11be1
 
Error - 09.05.2013 17:25:57 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x674  Startzeit der fehlerhaften Anwendung: 0x01ce4cfbc24a5260
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 092d0c90-b8ef-11e2-9f01-002185c11be1
 
Error - 10.05.2013 03:23:00 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x698  Startzeit der fehlerhaften Anwendung: 0x01ce4d4f2a502e40
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 71242330-b942-11e2-985d-002185c11be1
 
Error - 11.05.2013 03:19:05 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511246e7  Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version:
 0.0.0.0, Zeitstempel: 0x511246e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002c60
ID
 des fehlerhaften Prozesses: 0x65c  Startzeit der fehlerhaften Anwendung: 0x01ce4e17c8fbf1a0
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Berichtskennung:
 0fbad7f0-ba0b-11e2-a020-002185c11be1
 
Error - 12.05.2013 17:36:00 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 11.0.1.0,
 Zeitstempel: 0x499bf9b5  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
 Zeitstempel: 0x4dcddbf3  Ausnahmecode: 0x40000015  Fehleroffset: 0x000046b4  ID des fehlerhaften
 Prozesses: 0x618  Startzeit der fehlerhaften Anwendung: 0x01ce4f5864ad7240  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe Photoshop CS4\App\PhotoshopCS4\Photoshop.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
 efa49450-bb4b-11e2-a494-002185c11be1
 
[ Spybot - Search and Destroy Events ]
Error - 19.12.2012 14:36:05 | Computer Name = Privat-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 19.12.2012 14:36:46 | Computer Name = Privat-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 20.12.2012 01:50:21 | Computer Name = Privat-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 09.05.2013 17:26:07 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 10.05.2013 03:23:00 | Computer Name = Privat-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{95C22FBE-CD9F-4282-923E-F5FE1BC812FD}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Cannot
 complete this function.  
 
Error - 10.05.2013 03:23:03 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 10.05.2013 07:23:06 | Computer Name = Privat-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 10.05.2013 22:23:35 | Computer Name = Privat-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{95C22FBE-CD9F-4282-923E-F5FE1BC812FD}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Cannot
 complete this function.  
 
Error - 11.05.2013 03:19:09 | Computer Name = Privat-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{95C22FBE-CD9F-4282-923E-F5FE1BC812FD}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Cannot
 complete this function.  
 
Error - 11.05.2013 03:19:08 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 11.05.2013 17:38:33 | Computer Name = Privat-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{95C22FBE-CD9F-4282-923E-F5FE1BC812FD}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Cannot
 complete this function.  
 
Error - 12.05.2013 02:32:20 | Computer Name = Privat-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{95C22FBE-CD9F-4282-923E-F5FE1BC812FD}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Cannot
 complete this function.  
 
Error - 13.05.2013 05:00:13 | Computer Name = Privat-PC | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{95C22FBE-CD9F-4282-923E-F5FE1BC812FD}" kann nicht
 zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Cannot
 complete this function.  
 
 
< End of report >
         
--- --- ---

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-13 11:55:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AAKS-07A7B0 rev.01.03B01 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Privat\AppData\Local\Temp\ugdiapob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                       fffff800031b1000 61 bytes [8A, C1, 48, 83, E2, FC, 24, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 622                                                                       fffff800031b103e 1 byte [2E]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000075b71465 2 bytes [B7, 75]
.text     C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1316] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                  000000006fd81a22 2 bytes [D8, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1316] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                  000000006fd81ad0 2 bytes [D8, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1316] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                  000000006fd81b08 2 bytes [D8, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1316] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                  000000006fd81bba 2 bytes [D8, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1316] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                  000000006fd81bda 2 bytes [D8, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000075b71465 2 bytes [B7, 75]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1892] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69             0000000075b71465 2 bytes [B7, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1892] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155            0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075b71465 2 bytes [B7, 75]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075b71465 2 bytes [B7, 75]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
?         C:\Windows\system32\mssprxy.dll [3536] entry point in ".rdata" section                                                                   00000000733971e6
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5        000000007715f991 3 bytes [BA, 28, BE]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 9        000000007715f995 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5             000000007715fbd5 3 bytes [BA, 68, BE]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 9             000000007715fbd9 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                 000000007715fc05 3 bytes [BA, A8, BD]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 9                 000000007715fc09 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5          000000007715fc1d 3 bytes [BA, 28, BD]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 9          000000007715fc21 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5            000000007715fc35 3 bytes [BA, 28, BF]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 9            000000007715fc39 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5          000000007715fc65 3 bytes [BA, 68, BF]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 9          000000007715fc69 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5           000000007715fce5 3 bytes [BA, E8, BE]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 9           000000007715fce9 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5          000000007715fcfd 3 bytes [BA, A8, BE]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 9          000000007715fd01 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                    000000007715fd49 3 bytes [BA, 68, BC]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 9                    000000007715fd4d 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5         000000007715fe41 3 bytes [BA, A8, BC]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 9         000000007715fe45 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                  0000000077160099 3 bytes [BA, 28, BC]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 9                  000000007716009d 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5            00000000771610a5 3 bytes [BA, E8, BD]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 9            00000000771610a9 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                  000000007716111d 3 bytes [BA, 68, BD]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 9                  0000000077161121 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5     0000000077161321 3 bytes [BA, E8, BC]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 9     0000000077161325 3 bytes [00, FF, E2]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075b71465 2 bytes [B7, 75]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5        000000007715f991 7 bytes {MOV EDX, 0x8aaa28; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5             000000007715fbd5 7 bytes {MOV EDX, 0x8aaa68; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                 000000007715fc05 7 bytes {MOV EDX, 0x8aa9a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5          000000007715fc1d 7 bytes {MOV EDX, 0x8aa928; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5            000000007715fc35 7 bytes {MOV EDX, 0x8aab28; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5          000000007715fc65 7 bytes {MOV EDX, 0x8aab68; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5           000000007715fce5 7 bytes {MOV EDX, 0x8aaae8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5          000000007715fcfd 7 bytes {MOV EDX, 0x8aaaa8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                    000000007715fd49 7 bytes {MOV EDX, 0x8aa868; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5         000000007715fe41 7 bytes {MOV EDX, 0x8aa8a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                  0000000077160099 7 bytes {MOV EDX, 0x8aa828; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5            00000000771610a5 7 bytes {MOV EDX, 0x8aa9e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                  000000007716111d 7 bytes {MOV EDX, 0x8aa968; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5     0000000077161321 7 bytes {MOV EDX, 0x8aa8e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075b71465 2 bytes [B7, 75]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5        000000007715f991 7 bytes {MOV EDX, 0x41b228; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5             000000007715fbd5 7 bytes {MOV EDX, 0x41b268; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                 000000007715fc05 7 bytes {MOV EDX, 0x41b1a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5          000000007715fc1d 7 bytes {MOV EDX, 0x41b128; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5            000000007715fc35 7 bytes {MOV EDX, 0x41b328; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5          000000007715fc65 7 bytes {MOV EDX, 0x41b368; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5           000000007715fce5 7 bytes {MOV EDX, 0x41b2e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5          000000007715fcfd 7 bytes {MOV EDX, 0x41b2a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                    000000007715fd49 7 bytes {MOV EDX, 0x41b068; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5         000000007715fe41 7 bytes {MOV EDX, 0x41b0a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                  0000000077160099 7 bytes {MOV EDX, 0x41b028; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5            00000000771610a5 7 bytes {MOV EDX, 0x41b1e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                  000000007716111d 7 bytes {MOV EDX, 0x41b168; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5     0000000077161321 7 bytes {MOV EDX, 0x41b0e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075b71465 2 bytes [B7, 75]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5        000000007715f991 7 bytes {MOV EDX, 0x1e3228; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5             000000007715fbd5 7 bytes {MOV EDX, 0x1e3268; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                 000000007715fc05 7 bytes {MOV EDX, 0x1e31a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5          000000007715fc1d 7 bytes {MOV EDX, 0x1e3128; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5            000000007715fc35 7 bytes {MOV EDX, 0x1e3328; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5          000000007715fc65 7 bytes {MOV EDX, 0x1e3368; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5           000000007715fce5 7 bytes {MOV EDX, 0x1e32e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5          000000007715fcfd 7 bytes {MOV EDX, 0x1e32a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                    000000007715fd49 7 bytes {MOV EDX, 0x1e3068; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5         000000007715fe41 7 bytes {MOV EDX, 0x1e30a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                  0000000077160099 7 bytes {MOV EDX, 0x1e3028; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5            00000000771610a5 7 bytes {MOV EDX, 0x1e31e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                  000000007716111d 7 bytes {MOV EDX, 0x1e3168; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5     0000000077161321 7 bytes {MOV EDX, 0x1e30e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075b71465 2 bytes [B7, 75]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5        000000007715f991 7 bytes {MOV EDX, 0xde0228; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5             000000007715fbd5 7 bytes {MOV EDX, 0xde0268; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                 000000007715fc05 7 bytes {MOV EDX, 0xde01a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5          000000007715fc1d 7 bytes {MOV EDX, 0xde0128; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5            000000007715fc35 7 bytes {MOV EDX, 0xde0328; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5          000000007715fc65 7 bytes {MOV EDX, 0xde0368; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5           000000007715fce5 7 bytes {MOV EDX, 0xde02e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5          000000007715fcfd 7 bytes {MOV EDX, 0xde02a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                    000000007715fd49 7 bytes {MOV EDX, 0xde0068; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5         000000007715fe41 7 bytes {MOV EDX, 0xde00a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                  0000000077160099 7 bytes {MOV EDX, 0xde0028; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5            00000000771610a5 7 bytes {MOV EDX, 0xde01e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                  000000007716111d 7 bytes {MOV EDX, 0xde0168; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5     0000000077161321 7 bytes {MOV EDX, 0xde00e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075b71465 2 bytes [B7, 75]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5        000000007715f991 7 bytes {MOV EDX, 0xb6ca28; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5             000000007715fbd5 7 bytes {MOV EDX, 0xb6ca68; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                 000000007715fc05 7 bytes {MOV EDX, 0xb6c9a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5          000000007715fc1d 7 bytes {MOV EDX, 0xb6c928; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5            000000007715fc35 7 bytes {MOV EDX, 0xb6cb28; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5          000000007715fc65 7 bytes {MOV EDX, 0xb6cb68; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5           000000007715fce5 7 bytes {MOV EDX, 0xb6cae8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5          000000007715fcfd 7 bytes {MOV EDX, 0xb6caa8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                    000000007715fd49 7 bytes {MOV EDX, 0xb6c868; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5         000000007715fe41 7 bytes {MOV EDX, 0xb6c8a8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                  0000000077160099 7 bytes {MOV EDX, 0xb6c828; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5            00000000771610a5 7 bytes {MOV EDX, 0xb6c9e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                  000000007716111d 7 bytes {MOV EDX, 0xb6c968; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5     0000000077161321 7 bytes {MOV EDX, 0xb6c8e8; JMP RDX}
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075b71465 2 bytes [B7, 75]
.text     C:\Users\Privat\AppData\Local\Google\Chrome\Application\chrome.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000075b714bb 2 bytes [B7, 75]
.text     ...                                                                                                                                      * 2

---- EOF - GMER 2.1 ----
         
--- --- ---

13.05.2013, 12:22   #5
aharonov
/// TB trainer

OK, then let's continue like this:


Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 2

Please start OTL.exe.
  • Tick the Scan all Users checkbox.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Log from AdwCleaner
  • Log from OTL

__________________
cheers,
Leo

13.05.2013, 13:57   #6
kaen666

Yes, so here are 2 more log files
AdwCleaner Logfile:
Code:
# AdwCleaner v2.300 - Logfile created 05/13/2013 at 14:36:58
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Privat - PRIVAT-PC
# Boot Mode : Normal
# Running from : C:\Users\Privat\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\hdvidcodec.com
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\KeyDownload-Addon
Folder Deleted : C:\Program Files (x86)\Movie2KDownloader.com
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\Codecv
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\MagniPic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyDownload
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\check0r\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Folder Deleted : C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cafkkmpdpdoioeaodfinejoecgdadkpm
Folder Deleted : C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\Privat\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Privat\AppData\Local\TempDir
Folder Deleted : C:\Users\Privat\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Privat\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Privat\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\KeyDownload
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\5e6d7dcbd3ded10
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\KeyDownload.DLL
Key Deleted : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\KeyDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7DDBC31B-22BD-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyDownload
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7DDBC31B-22BD-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.38] : keyword = "searchab.com",
Deleted [l.42] : search_url = "hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1&q={searchTe[...]
Deleted [l.2455] : homepage = "hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1",

-\\ Chromium v     check_default_browser: false

File : C:\Users\Privat\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.61.1250.0

File : C:\Users\Privat\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://start.icq.com/
Deleted : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[S1].txt - [13657 octets] - [13/05/2013 14:36:58]

########## EOF - C:\AdwCleaner[S1].txt - [13718 octets] ##########
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 13.05.2013 14:42:02 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Privat\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,71% Memory free
8,00 Gb Paging File | 6,39 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 78,97 Gb Free Space | 13,25% Space Free | Partition Type: NTFS
Drive D: | 3,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PRIVAT-PC | User Name: Privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.13 11:11:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
PRC - [2013.05.02 12:00:56 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 07:22:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 07:22:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.25 09:56:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.13 15:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.06.18 17:27:10 | 000,018,432 | ---- | M] () -- C:\Users\Privat\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
PRC - [2009.05.12 03:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012.11.13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 15:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.03 21:22:15 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.04.23 22:36:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.28 07:22:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 07:22:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.25 09:56:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.31 02:08:07 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.18 17:27:10 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Privat\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe -- (ColorZillaStatsUpdater)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.12 03:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2009.04.29 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 10:22:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.04.04 10:22:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.03.28 07:22:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 07:22:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 07:22:17 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.24 20:43:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:54:29 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2011.01.15 17:54:19 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2011.01.15 17:53:25 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2011.01.15 17:53:25 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2011.01.15 17:53:25 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2011.01.15 17:53:25 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2011.01.15 17:53:24 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2011.01.15 17:53:23 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009.06.30 05:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.06.30 05:01:40 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2009.06.30 04:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 03:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.06.19 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010.01.29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7D52BAA1-E516-4514-AE58-47EDF5FB8660}: "URL" = ${SEARCH_URL}{searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\SearchScopes\{55C80965-BCCA-45FB-BD86-C4FB241CE7A5}: "URL" = hxxp://www.mysearchresults.com/search?&c=4003&t=10&q={searchTerms}
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\SearchScopes\{7D52BAA1-E516-4514-AE58-47EDF5FB8660}: "URL" = hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1&q={searchTerms}
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\SearchScopes\{DD7D9723-DEE0-4399-8992-78E8AEA158DD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=659
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\SearchScopes\{EFB96639-CCA0-4814-8CA2-E3661D539BD7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-67096316-813246170-885154299-1009\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-67096316-813246170-885154299-1009\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://utilu.com/"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Privat\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Privat\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Privat\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
 
[2013.05.04 16:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions
[2010.07.21 10:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.21 10:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010.06.30 08:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013.02.27 00:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\dltyhoh6.default\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\dltyhoh6.default\extensions\staged
[2012.07.08 01:49:57 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\dltyhoh6.default\extensions\stats@colorzilla.com
[2013.02.27 00:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\gq83s5rl.Mozilla_Firefox_3.0\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\gq83s5rl.Mozilla_Firefox_3.0\extensions\staged
[2013.02.27 00:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\qkmk5rxg.Mozilla_Firefox_3.6\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\qkmk5rxg.Mozilla_Firefox_3.6\extensions\staged
[2013.02.27 00:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\x5oa6i22.Mozilla_Firefox_3.5\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\x5oa6i22.Mozilla_Firefox_3.5\extensions\staged
[2013.02.27 00:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\xsie5w90.Mozilla_Firefox_2.0\extensions
[2013.02.23 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\xsie5w90.Mozilla_Firefox_2.0\extensions\staged
[2010.07.21 10:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\SeaMonkey\Profiles\vjuyo9wf.default\extensions
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\dltyhoh6.default\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\gq83s5rl.Mozilla_Firefox_3.0\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\qkmk5rxg.Mozilla_Firefox_3.6\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\x5oa6i22.Mozilla_Firefox_3.5\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\xsie5w90.Mozilla_Firefox_2.0\extensions\staged\addon@defaulttab.com.xpi
[2013.05.13 14:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.26 15:46:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.26 15:46:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: Privitize VPN (Enabled)
CHR - default_search_provider: search_url = hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Privat\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Privat\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Privat\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - Extension: Codec-C = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg\1.0_0\
CHR - Extension: ColorZillaStats = C:\Users\Privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\
 
O1 HOSTS File: ([2013.02.13 01:54:36 | 000,444,830 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15276 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (ColorZillaStats) - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Users\Privat\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-67096316-813246170-885154299-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-67096316-813246170-885154299-1009..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-67096316-813246170-885154299-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\S-1-5-21-67096316-813246170-885154299-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-67096316-813246170-885154299-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-67096316-813246170-885154299-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-67096316-813246170-885154299-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67096316-813246170-885154299-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67096316-813246170-885154299-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67096316-813246170-885154299-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{300E1AF9-F5B3-482B-9323-94B4E4338542}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54182E56-6C71-4EA6-873C-93917D8985DB}: NameServer = 193.189.250.101 193.189.250.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.25 16:57:10 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d46b9dc7-46ab-11e1-a832-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d46b9dc7-46ab-11e1-a832-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2012.10.25 16:57:12 | 000,350,032 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.13 11:11:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2013.05.07 13:44:21 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Dead End Tragedy - Panic Overdose (2011)
[2013.05.04 13:08:46 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Warframe
[2013.05.04 12:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.04 12:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.04 12:03:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.05.02 12:01:24 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.01 18:06:23 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Arma 3 Alpha Lite - Other Profiles
[2013.05.01 18:03:40 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Arma 3 Alpha Lite
[2013.05.01 18:03:40 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Arma 3 Alpha Lite
[2013.05.01 11:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive
[2013.04.26 11:34:41 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Riptide
[2013.04.24 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Dead ISSSLAND
[2013.04.19 08:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.16 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Bus Simulator 2012
[2013.04.16 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Bus Simulator 2012
[2013.04.16 11:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012
[2013.04.16 11:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\astragon
[2013.04.14 10:58:43 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\My Cheat Tables
[2013.04.14 10:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013.04.14 10:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013.04.14 10:39:05 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\euro truck simulator 2 sicherung
[2013.04.14 02:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2013.04.14 02:29:51 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll
[2013.04.14 02:29:51 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx
[2013.04.14 02:29:51 | 000,028,672 | ---- | C] (-) -- C:\Windows\SysWow64\mousewheel.ocx
[2013.04.14 02:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.13 14:47:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 14:47:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 14:45:54 | 002,496,698 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.13 14:45:54 | 000,732,760 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.05.13 14:45:54 | 000,694,460 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.13 14:45:54 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.13 14:45:54 | 000,151,592 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.05.13 14:45:54 | 000,147,584 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.13 14:45:54 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.13 14:39:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.13 14:34:51 | 000,628,743 | ---- | M] () -- C:\Users\Privat\Desktop\adwcleaner.exe
[2013.05.13 14:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 14:16:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-67096316-813246170-885154299-1001UA.job
[2013.05.13 13:44:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-67096316-813246170-885154299-1001UA.job
[2013.05.13 13:44:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-67096316-813246170-885154299-1001Core.job
[2013.05.13 11:35:59 | 000,377,856 | ---- | M] () -- C:\Users\Privat\Desktop\gmer_2.1.19163.exe
[2013.05.13 11:11:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2013.05.13 11:08:52 | 000,000,168 | ---- | M] () -- C:\Users\Privat\defogger_reenable
[2013.05.13 11:07:30 | 000,050,477 | ---- | M] () -- C:\Users\Privat\Desktop\Defogger.exe
[2013.05.13 03:16:26 | 002,740,298 | ---- | M] () -- C:\Users\Privat\Desktop\Smoke M - Kreislauf des Lebens.mp3
[2013.05.12 09:16:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-67096316-813246170-885154299-1001Core.job
[2013.05.06 09:32:48 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.06 09:32:48 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.06 09:32:27 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.04 12:52:38 | 000,000,222 | ---- | M] () -- C:\Users\Privat\Desktop\Warframe.url
[2013.05.02 12:01:09 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.04.30 02:54:56 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 02:54:56 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.29 20:43:15 | 000,001,408 | ---- | M] () -- C:\Users\Privat\Desktop\DayZ Commander.lnk
[2013.04.26 11:29:21 | 000,000,222 | ---- | M] () -- C:\Users\Privat\Desktop\Dead Island Riptide.url
[2013.04.16 11:40:41 | 000,001,417 | ---- | M] () -- C:\Users\Privat\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2013.04.14 10:51:09 | 000,001,081 | ---- | M] () -- C:\Users\Privat\Desktop\Cheat Engine.lnk
[2013.04.14 02:29:54 | 000,001,910 | ---- | M] () -- C:\Users\Privat\Desktop\DVD Flick.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.13 14:34:50 | 000,628,743 | ---- | C] () -- C:\Users\Privat\Desktop\adwcleaner.exe
[2013.05.13 11:35:58 | 000,377,856 | ---- | C] () -- C:\Users\Privat\Desktop\gmer_2.1.19163.exe
[2013.05.13 11:08:52 | 000,000,168 | ---- | C] () -- C:\Users\Privat\defogger_reenable
[2013.05.13 11:07:28 | 000,050,477 | ---- | C] () -- C:\Users\Privat\Desktop\Defogger.exe
[2013.05.13 03:16:26 | 002,740,298 | ---- | C] () -- C:\Users\Privat\Desktop\Smoke M - Kreislauf des Lebens.mp3
[2013.05.04 12:52:38 | 000,000,222 | ---- | C] () -- C:\Users\Privat\Desktop\Warframe.url
[2013.04.30 02:54:56 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 02:54:56 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.29 20:43:15 | 000,001,408 | ---- | C] () -- C:\Users\Privat\Desktop\DayZ Commander.lnk
[2013.04.26 11:29:20 | 000,000,222 | ---- | C] () -- C:\Users\Privat\Desktop\Dead Island Riptide.url
[2013.04.16 11:40:41 | 000,001,417 | ---- | C] () -- C:\Users\Privat\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2013.04.14 10:51:09 | 000,001,081 | ---- | C] () -- C:\Users\Privat\Desktop\Cheat Engine.lnk
[2013.04.14 02:29:54 | 000,001,910 | ---- | C] () -- C:\Users\Privat\Desktop\DVD Flick.lnk
[2013.04.11 13:12:54 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\sonicismdsp.dll
[2013.02.23 22:24:59 | 000,000,932 | RHS- | C] () -- C:\Users\Privat\ntuser.pol
[2012.12.19 20:35:27 | 000,001,262 | ---- | C] () -- C:\Windows\wininit.ini
[2012.04.20 20:54:29 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll
[2012.03.15 20:29:05 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.02.07 10:53:05 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.01.28 09:00:28 | 002,451,972 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.27 04:00:50 | 000,001,472 | ---- | C] () -- C:\Users\Privat\AppData\Local\RecConfig.xml
[2012.01.25 00:58:37 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2012.01.24 22:07:24 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.24 22:07:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.24 22:07:21 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011.01.15 17:54:10 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.02 10:26:35 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Opera
[2013.03.06 07:32:20 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Amazon
[2012.01.24 19:01:08 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\AnvSoft
[2012.09.30 03:31:17 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Audacity
[2013.05.04 16:56:59 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\DAEMON Tools Lite
[2013.03.27 21:57:33 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\DarknessII
[2012.11.03 12:59:45 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Day 1 Studios
[2012.01.24 19:14:30 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Dream Aquarium
[2012.02.08 22:20:52 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Foxit Software
[2013.01.27 12:50:37 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\ICQ
[2012.06.20 07:46:25 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\ICQ Search
[2012.05.12 18:21:32 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Leadertech
[2012.08.22 12:06:46 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Lionhead Studios
[2013.02.27 00:01:45 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Nico Mak Computing
[2012.10.08 15:55:23 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Notepad++
[2012.01.28 13:34:57 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Opera
[2013.03.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Origin
[2013.03.06 12:47:19 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Play withSIX
[2012.09.14 11:14:07 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\PunkBuster
[2012.01.24 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Rovio
[2012.08.28 02:39:34 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Screaming Bee
[2012.10.08 08:17:41 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\six-zsync
[2012.03.18 11:10:14 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\SMSSender
[2012.03.05 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Steinberg
[2012.02.05 23:32:03 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\streamripper
[2012.10.18 09:21:59 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\The Creative Assembly
[2010.12.09 22:59:31 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Thunderbird
[2013.02.24 02:10:24 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\TS3Client
[2013.04.04 10:25:16 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Ubisoft
[2013.03.06 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\uTorrent
[2012.03.05 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\VST3 Presets
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.02.24 00:36:59 | 000,000,000 | ---D | M](C:\Users\Privat\Documents\Sniper.Elite.V2.&.DLCs.MULTi2-R.G.????????) -- C:\Users\Privat\Documents\Sniper.Elite.V2.&.DLCs.MULTi2-R.G.Игроманы
[2013.02.23 23:35:28 | 000,000,000 | ---D | C](C:\Users\Privat\Documents\Sniper.Elite.V2.&.DLCs.MULTi2-R.G.????????) -- C:\Users\Privat\Documents\Sniper.Elite.V2.&.DLCs.MULTi2-R.G.Игроманы

< End of report >
         
--- --- ---

Alt 13.05.2013, 14:09   #7
aharonov
/// TB-Ausbilder
 



Hi,

has the problem disappeared after the following steps?


Step 1

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\dltyhoh6.default\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\gq83s5rl.Mozilla_Firefox_3.0\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\qkmk5rxg.Mozilla_Firefox_3.6\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\x5oa6i22.Mozilla_Firefox_3.5\extensions\staged\addon@defaulttab.com.xpi
[2013.02.23 22:24:55 | 000,029,602 | ---- | M] () (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\firefox\profiles\xsie5w90.Mozilla_Firefox_2.0\extensions\staged\addon@defaulttab.com.xpi
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\SearchScopes\{55C80965-BCCA-45FB-BD86-C4FB241CE7A5}: "URL" = hxxp://www.mysearchresults.com/search?&c=4003&t=10&q={searchTerms}
IE - HKU\S-1-5-21-67096316-813246170-885154299-1001\..\SearchScopes\{7D52BAA1-E516-4514-AE58-47EDF5FB8660}: "URL" = hxxp://searchab.com/?aff=7&uid=0aa185c0-7df7-11e2-947d-002185c11be1&q={searchTerms}

:commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.



Step 2

Please download Malwarebytes Anti-Malware
  • Install the program to the suggested path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




Step 3


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Step 4

Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS window.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.



Step 5

Please start OTL.exe.
  • Tick Scan all Users.
  • Press the Quick Scan button.
  • Post the content of OTL.txt here in the thread.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
  • Log from OTL
__________________
cheers,
Leo

Alt 14.05.2013, 07:14   #8
kaen666
 



I will pack all the logs into a rar; the scan is going to take a while for now.

Edited by kaen666 (14.05.2013 at 07:55)

Alt 14.05.2013, 11:03   #9
aharonov
/// TB-Ausbilder
 



Quote:
I will pack all the logs into a rar
Please use zip and not rar.
__________________
cheers,
Leo

Alt 15.05.2013, 08:04   #10
kaen666
 



I have attached the logs, and the problem seems to have disappeared - many thanks!

Alt 15.05.2013, 11:51   #11
aharonov
/// TB-Ausbilder
 



Hello,

I'd keep my hands off that kind of crack junk..
Let's clean up.


Step 1

Your version of Adobe PDF Reader is outdated, we need to update it:
  • Please uninstall your current version of Adobe Reader via
    Start --> Control Panel --> Add or Remove Programs (on Windows XP)
    Start --> Control Panel --> Programs and Features (on Vista / Windows 7)
  • Visit this Adobe page.
  • If applicable, untick McAfee Security Scan or Google Chrome.
  • Press Download now and install the newest version.



Step 2

Your Flash Player is outdated. Install the current version as follows:
  • Visit this Adobe page.
  • If applicable, untick McAfee Security Scan or Google Chrome.
  • Press Download now and install the newest version.

Then use this plugin check to verify that all the versions you use are now current, and update them if they are not.



Cleanup

Finally, we will now tidy away our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are still important too and should be carried out in the order given.
  1. Start defogger and press the Re-enable button.
  2. As for MBAM, I would strongly recommend that you keep it and run a quick scan weekly. If you do not want to keep using it, you can now uninstall it normally via the Control Panel.
  3. You can also keep the ESET Online Scanner to scan your system with it now and then (monthly) for a second opinion. If you want to uninstall ESET, you can likewise do that via the Control Panel.
  4. In any case, please download DelFix to your desktop.
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • DelFix removes, among other things, all the programs we used and then deletes itself.
  5. If anything is still left over now, you can simply delete it manually.




>> OK <<
We are done; your logs look clean to me at the moment.

Below I have put together a few notes and tips for you that should help ensure you will not need our help again in the future.

Afterwards, please give me a short reply if there are no more problems or open questions on your side either, so that I can consider this topic resolved.




Epilogue: Tips, Dos & Don'ts

Keeping system and software up to date

The Windows operating system absolutely must always be up to date. Make sure that automatic updates are enabled:
  • Windows XP: Start --> Control Panel --> double-click Automatic Updates
  • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off

The installed software should also always be present in its most current version.
This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and is therefore relatively unpredictable.
  • With this small plugin check you can regularly check whether these components are up to date.
  • Also make sure that old versions that are no longer used are uninstalled.
  • Optional: The program Secunia Personal Software Inspector can help you always use the current versions of all installed software.

Security software

One remark up front: every software solution has its weaknesses. Handing over the entire responsibility for security to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file).
Nevertheless, suitable software is of course important and, in combination with a well-maintained (up-to-date) system and well-considered behaviour, helps you keep your computer clean.
  • Use a virus scanner with a background guard and an always current database. Which product is chosen does not play such a decisive role. There are commercial versions, but a free scanner with the basic functions, such as Avast! Free Antivirus, should be sufficient. But never run two guards in parallel; they would get in each other's way.
  • Enable a firewall. The one integrated in Windows is normally entirely sufficient.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand anti-malware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: The program Sandboxie runs applications in an isolated environment ("sandbox") so that no changes can be made to the system. If you start your browser in it, the chance that malware picked up while surfing can establish itself permanently in the system is reduced.
  • Optional: The addon WOT (web of trust) warns you about a website reported as harmful before it is loaded. Available for various browsers.

It lies in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader).
Instead of Internet Explorer one can, for example, use Mozilla Firefox, for which there are two useful addons to recommend:
  • NoScript by default prevents the execution of active content (Java, JavaScript, Flash, ..) for all websites. You can decide for yourself, on the whitelist principle, which sites you want to trust and allow scripts for, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides their annoying appearance, such banners can also act as sources of infection.

(Un)safe behaviour on the Internet

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself.

Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.
  • Illegal cracks, keygens and serials are an exceptionally easy (and a popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside is really what the label says.

Often an attempt is also made to get the user, with more or less crafty methods, to carry out an action that is disastrous for him himself (umbrella term: social engineering).
  • Surf with caution and do not let yourself be tempted into a hasty click by elements that somehow appear interesting. Do not be fooled by popups that look like system or virus messages.
  • Be sceptical of unexpected e-mails, especially if they contain attachments. Even if at first glance they seem authentic, contain personal data of yours or supposedly come from a known sender: better to think it over again calmly or to ask, instead of simply opening links or executable attachments or entering your data somewhere.
  • Harmful links or files can also do the rounds in social networks or via instant messaging systems. If you receive a message from one of your friends that is strange or sounds so sensationally interesting or scandalous that one simply has to click on it, then in his/her case curiosity has probably won over reason, and you should not make the same mistake.
  • Have file extensions displayed so that you are not fooled when an executable file is disguised with a double file extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user himself.
  • As first priority, always download software directly from the manufacturer. Many software portals (e.g. Softonic) pack additional useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program.

General notes

Finally, a few more basic remarks:
  • Your user account for everyday use should not have administrator rights. Use an account with restricted rights (Windows XP) or enable User Account Control (UAC) at the highest level (Windows Vista / 7).
  • Regularly create backups of your data and documents on external storage media, at least in duplicate for important files. Not only a malware infection can result in painful data loss but also an ordinary hard disk failure.
  • The Autorun/Autoplay function poses a risk, because it makes it possible, for example, for the infection to jump over to the computer when a correspondingly infected USB stick is plugged in. Consider whether you would not rather disable this function.
  • Choose your passwords according to the common rules in order to be better armed against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for increasing performance is disputed. In any case, great damage can be done with them if you do not know what you are doing. We therefore recommend keeping your hands off the registry. To delete the temporary files from time to time, TFC is sufficient.

If you like, you can support the forum with a small donation.
All that remains for me is to wish you carefree and safe surfing, and that we do not see each other here again any time soon.
__________________
cheers,
Leo

Alt 31.05.2013, 02:08   #12
aharonov
/// TB-Ausbilder
 



This topic appears to be resolved and is being deleted from my subscriptions. I will therefore no longer receive any notification about new replies.
Should you need the topic again, please send me a PM and we will continue here.

Everyone else, please read this guide and create a thread of your own.
__________________
cheers,
Leo
