Log analysis and evaluation: How do I remove facebook.vbs? (Windows 7)
19.05.2013, 01:48 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove facebook.vbs? Sorry, that is nonsense. If you save it to the desktop or move it there, then it is not a shortcut. That is an operating error on your part. Nowhere here was it written that you should send it to the desktop; it said to save it to the desktop, or to move combofix.exe there after the download.
__________________ Please always post log files in CODE tags |
19.05.2013, 12:31 | #17 |
| How do I remove facebook.vbs? Okay, here they are:
Code:
ATTFilter ComboFix 13-05-16.02 - Nils 19.05.2013 13:04:33.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2211 [GMT 2:00] ausgeführt von:: c:\users\Nils\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Nils\Desktop\CFScript.txt AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\found.000 c:\found.000\file0000.chk c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-19 bis 2013-05-19 )))))))))))))))))))))))))))))) . . 2013-05-19 11:21 . 2013-05-19 11:21 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2013-05-19 11:21 . 2013-05-19 11:21 -------- d-----w- c:\users\TEMP.Nils-PC\AppData\Local\temp 2013-05-19 11:21 . 2013-05-19 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-17 14:49 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6224FF0D-E8CC-48D3-BB19-771541598F46}\mpengine.dll 2013-05-16 08:59 . 2013-05-16 08:59 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-05-16 08:59 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-19 11:20 . 
2010-01-16 17:30 81984 ----a-w- c:\windows\system32\bdod.bin 2013-05-15 21:48 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe 2013-05-14 20:08 . 2012-03-29 12:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-14 20:08 . 2011-07-14 09:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-02 00:06 . 2012-12-16 14:09 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-03-27 19:51 . 2012-10-01 13:20 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-27 19:51 . 2011-03-17 08:26 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-19 19:16 . 2013-03-19 19:16 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2013-03-19 19:16 . 2013-03-19 19:16 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2013-03-19 19:16 . 2013-03-19 19:16 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2013-03-19 19:16 . 2013-03-19 19:16 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2013-03-11 13:33 . 2013-04-10 19:21 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-10 14:09 . 2013-03-10 14:00 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-03-10 14:07 . 2013-03-10 14:02 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-03-10 14:00 . 2013-03-10 14:00 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe 2013-03-09 04:16 . 2013-04-10 19:21 85504 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-09 01:48 . 2013-04-10 19:21 75264 ----a-w- c:\windows\system32\smss.exe 2013-03-08 04:18 . 2013-04-10 19:21 451072 ----a-w- c:\windows\system32\winsrv.dll 2013-03-08 04:17 . 2013-04-10 19:21 2425344 ----a-w- c:\windows\system32\mstscax.dll 2013-03-08 03:52 . 2013-04-10 19:21 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-03-06 23:33 . 2013-03-15 18:19 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-06 23:33 . 2013-03-15 18:19 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-06 23:33 . 2012-12-02 11:20 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-03-06 23:33 . 
2012-12-02 11:18 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-03-06 23:33 . 2012-12-02 11:18 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-03-06 23:33 . 2012-12-02 11:20 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-03-06 23:33 . 2012-12-02 11:20 127136 ----a-w- c:\windows\system32\drivers\aswFW.sys 2013-03-06 23:33 . 2012-12-02 11:18 59144 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-03-06 23:33 . 2012-12-02 11:18 263096 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2013-03-06 23:33 . 2012-12-02 11:18 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-03-06 23:33 . 2012-12-02 11:18 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-03-06 23:32 . 2012-12-02 11:17 41664 ----a-w- c:\windows\avastSS.scr 2013-03-06 23:32 . 2012-12-02 11:18 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-03-03 19:13 . 2013-04-10 19:21 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys 2003-09-11 12:32 . 2010-03-18 21:29 958464 ----a-w- c:\program files\Steam.exe 2003-08-21 11:41 . 2010-03-18 21:28 245760 ----a-w- c:\program files\WriteMiniDump.exe 2003-08-21 11:41 . 2010-03-18 21:28 489984 ----a-w- c:\program files\dbghelp.dll 2001-11-05 08:30 . 2010-03-18 21:29 165376 ------w- c:\program files\UNWISE.EXE . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-02-15 130696] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912] . 
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}] [HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}] 2012-10-21 07:26 450472 ----a-w- c:\program files (x86)\PriceGong\2.6.8\PriceGongIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2013-01-29 13:29 170840 ----a-w- c:\program files\IB Updater\Extension32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{5347542D-5341-5400-76A7-7A786E7484D7}] 2013-02-15 08:27 13448 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}] c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] 2012-02-27 08:42 88976 ----a-w- c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 15:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] "{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [2012-02-27 88976] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] "{5347542D-5341-5400-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" [2013-02-15 13448] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{5347542d-5341-5400-76a7-7a786e7484d7}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 68856] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408] "Facebook Update"="c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096] "ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480] "DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-26 3497552] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496] "Akamai NetSession Interface"="c:\users\Nils\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] "Facebook.vbs"="c:\users\Nils\AppData\Local\Temp\Facebook.vbs" [2013-02-23 6796] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640] "PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908] "BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-08-13 172032] "WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "SWPROguard"="c:\program files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe" [2010-03-11 586376] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2009-08-04 1068424] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-09-08 282624] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-02-15 1483912] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook.vbs [2013-2-23 6796] FlashPlayerPlug.lnk - c:\users\Nils\AppData\Local\Temp\FlashPlayerMsj.exe [N/A] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:08] . 2013-05-19 c:\windows\Tasks\DriverScanner.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-07-19 12:41] . 2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job - c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22] . 2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job - c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22] . 2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32] . 2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32] . 2013-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job - c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07] . 2013-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job - c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07] . 2013-05-18 c:\windows\Tasks\Norton Security Scan for Nils.job - c:\progra~2\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-28 00:45] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 15844384] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-22 82464] "Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488] "EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488] "Setresolution"="c:\acer\config\1680x1050.cmd" [BU] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 67072] "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2010-02-16 468480] "Ocs_SM"="c:\users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-08-11 106496] "RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656] "Skytel"="Skytel.exe" [2007-11-20 1826816] "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^DE&p2=^AHP^YYYYYY^YY^DE&tpid=SGT-SAT&apn_dbr=cr_23.0.1271.95&apn_uid=F3E85BB7-DBD8-4C2F-86B2-7C534A60EE96&itbv=11.3.0.661&doi=2012-12-11 uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = %SystemRoot%\system32\blank.htm uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s%s mSearchAssistant = ${SEARCH_URL_IE7} IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm IE: Free YouTube Download - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe IE: {{DB38E21A-0133-419d-92AD-ECDFD5244D6D} IE: {{EB620C54-E229-4942-87CE-E717109FC8C6} IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Ask.com Search FF - prefs.js: browser.startup.homepage - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc= FF - ExtSQL: !HIDDEN! 
2010-02-19 10:41; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2011-05-23 07:01; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyVLEVED4&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - b8bf317b000000000000001d72b78b03 FF - user.js: extensions.incredibar_i.instlDay - 15674 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:51 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyVLEVED4 FF - user.js: extensions.incredibar_i.upn2n - 92262540729902894 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extensions.claro.tlbrSrchUrl - FF - user.js: extensions.claro.id - b8bf317b000000000000001d72b78b03 FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062} FF - user.js: extensions.claro.instlDay - 15701 FF - user.js: extensions.claro.vrsn - 1.8.8.5 FF - user.js: extensions.claro.vrsni - 1.8.8.5 FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.518:56 FF - user.js: 
extensions.claro.prtnrId - claro FF - user.js: extensions.claro.prdct - claro FF - user.js: extensions.claro.aflt - babsst FF - user.js: extensions.claro_i.smplGrp - none FF - user.js: extensions.claro.tlbrId - claro FF - user.js: extensions.claro.instlRef - sst FF - user.js: extensions.claro.dfltLng - en FF - user.js: extensions.claro_i.excTlbr - false FF - user.js: extensions.claro.excTlbr - false FF - user.js: extensions.claro.admin - false FF - user.js: extensions.claro.autoRvrt - false FF - user.js: extensions.claro.rvrt - false FF - user.js: extensions.claro_i.newTab - false FF - user.js: extensions.Softonic.hpOld0 - hxxp://www.giga.de/go/wwr FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - b8bf317b000000000000001d72b78b03 FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D} FF - user.js: extensions.Softonic.instlDay - 15744 FF - user.js: extensions.Softonic.vrsn - 1.8.8.11 FF - user.js: extensions.Softonic.vrsni - 1.8.8.11 FF - user.js: extensions.Softonic_i.vrsnTs - 1.8.8.1120:12 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive FF - user.js: extensions.Softonic.instlRef - MOY00009 FF - user.js: extensions.Softonic.dfltLng - de FF - user.js: extensions.Softonic_i.excTlbr - false FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic.rvrt - true FF - user.js: extensions.Softonic_i.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - 
Search the web (Softonic) FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&q= FF - user.js: extensions.Softonic_i.dnsErr - true FF - user.js: extensions.Softonic_i.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=15&cc= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - (no file) Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) WebBrowser-{5347542D-5341-5400-76A7-7A786E7484D7} - (no file) AddRemove-HBLiteSA - c:\program files (x86)\HBLite\bin\11.0.384.0\HBLiteUninstaller.exe AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE AddRemove-ShoppingReport2 - c:\program files (x86)\ShoppingReport2\Uninst.exe AddRemove-toolplugin - c:\users\Nils\AppData\Local\Temp\WZSE0.TMP\setup.exe AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\SecuROM\License information*] "datasecu"=hex:f6,19,96,69,15,07,71,98,07,65,23,ef,b6,2f,30,56,ad,9e,c0,e1,62, 0c,17,13,6e,63,7e,eb,b0,46,13,54,b2,3a,82,b8,12,f0,2f,4b,4c,dd,12,fd,08,0f,\ "rkeysecu"=hex:06,e8,04,18,97,15,1c,32,59,db,e0,e3,99,68,9b,cf . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Zeit der Fertigstellung: 2013-05-19 13:26:34 ComboFix-quarantined-files.txt 2013-05-19 11:26 ComboFix2.txt 2013-05-17 22:10 . Vor Suchlauf: 27 Verzeichnis(se), 269.905.645.568 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 269.832.396.800 Bytes frei . - - End Of File - - 385036B647C988293C86B41DB1B7C983 |
19.05.2013, 20:36 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove facebook.vbs? Rootkit scan with GMER
Please download GMER: (file name is random)
Do problems occur?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ |
20.05.2013, 18:47 | #19 |
| How do I remove facebook.vbs? Okay, here is the first log data from the first scan: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 v2013.05.20.03 Windows Vista Service Pack 2 x64 NTFS 7.0.6002.18005 Nils :: NILS-PC 20.05.2013 18:46:11 mbar-log-2013-05-20 (18-46-11).txt 32596 18 , 1 0 0 34 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\CLASSES\INTERFACE\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> 
HKLM\SOFTWARE\CLASSES\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> HKLM\SOFTWARE\CLASSES\INTERFACE\{618AAD04-921F-44C2-BE38-C0818AF69861} (Adware.Hotbar) -> HKLM\SOFTWARE\CLASSES\INTERFACE\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} (Adware.Hotbar) -> HKLM\SOFTWARE\CLASSES\INTERFACE\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} (Adware.Hotbar) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{618AAD04-921F-44C2-BE38-C0818AF69861} (Adware.Hotbar) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} (Adware.Hotbar) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} (Adware.Hotbar) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> HKLM\SOFTWARE\CLASSES\INTERFACE\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\CLASSES\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\HBLite (Adware.HotBar) -> HKLM\SOFTWARE\WOW6432NODE\ShoppingReport2 (Adware.ShoppingReport2) -> HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HBLiteSA (Adware.HotBar) -> HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShoppingReport2 (Adware.Hotbar) -> HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) -> 1 HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|HBLite@HBLite.com (Adware.HotBar) -> C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions -> 0 2 c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> c:\aighfrshdgf (Trojan.SpyEyes) -> 4 c:\Users\Nils\Downloads\FlashPlayer_V.69388466c.exe 
(Adware.DomaIQ) -> c:\Users\Nils\Downloads\installer_counter-strike_1_6_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> c:\Users\Nils\Downloads\cacuqu_v8_downloader.exe (PUP.ForceInstaller) -> c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) ->
And here is the second one: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 v2013.05.20.06 Windows Vista Service Pack 2 x64 NTFS 7.0.6002.18005 Nils :: NILS-PC 20.05.2013 19:43:42 mbar-log-2013-05-20 (19-43-42).txt 32533 14 , 14 0 0 0 0 0 0 0 |
21.05.2013, 12:28 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove facebook.vbs? What on earth did you do with the logs? Please post them properly and not scrambled.
__________________ Please always post log files in CODE tags |
21.05.2013, 21:20 | #21 |
| How do I remove facebook.vbs? Why? I followed it exactly the way you said. After the second scan it didn't find anything anymore, so I could have left that one out. |
21.05.2013, 22:04 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove facebook.vbs? Even so, the logs are very scrambled...
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
22.05.2013, 06:53 | #23 |
| How do I remove facebook.vbs? Here is the aswMBR log: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-22 07:04:31 ----------------------------- 07:04:31.265 OS Version: Windows x64 6.0.6002 Service Pack 2 07:04:31.265 Number of processors: 4 586 0x203 07:04:31.266 ComputerName: NILS-PC UserName: Nils 07:04:36.608 Initialize success 07:04:39.170 AVAST engine defs: 13052101 07:06:10.777 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060 07:06:10.780 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 6 07:06:10.963 Disk 0 MBR read successfully 07:06:10.966 Disk 0 MBR scan 07:06:10.971 Disk 0 unknown MBR code 07:06:10.994 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048 07:06:11.049 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466322 MB offset 41945088 07:06:11.074 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 467064 MB offset 996972606 07:06:11.297 Disk 0 scanning C:\Windows\system32\drivers 07:06:44.646 Service scanning 07:07:20.988 Modules scanning 07:07:20.999 Disk 0 trace - called modules: 07:07:21.027 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys 07:07:21.037 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e1b790] 07:07:21.045 3 CLASSPNP.SYS[fffffa60010a3c33] -> nt!IofCallDriver -> [0xfffffa8003d2d930] 07:07:21.052 5 acpi.sys[fffffa60008fefde] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8003d39060] 07:07:22.749 AVAST engine scan C:\Windows 07:07:32.200 AVAST engine scan C:\Windows\system32 07:15:13.113 AVAST engine scan C:\Windows\system32\drivers 07:16:32.102 AVAST engine scan C:\Users\Nils 07:35:35.964 Disk 0 MBR has been saved successfully to "C:\Users\Nils\Desktop\MBR.dat" 07:35:35.977 The log file has been saved successfully to "C:\Users\Nils\Desktop\aswMBR.txt"
Here is the log from TDSSKiller: Code:
ATTFilter 07:42:26.0249 7748 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 07:42:26.0691 7748 ============================================================ 07:42:26.0691 7748 Current date / time: 2013/05/22 07:42:26.0691 07:42:26.0691 7748 SystemInfo: 07:42:26.0691 7748 07:42:26.0691 7748 OS Version: 6.0.6002 ServicePack: 2.0 07:42:26.0691 7748 Product type: Workstation 07:42:26.0691 7748 ComputerName: NILS-PC 07:42:26.0692 7748 UserName: Nils 07:42:26.0692 7748 Windows directory: C:\Windows 07:42:26.0692 7748 System windows directory: C:\Windows 07:42:26.0692 7748 Running under WOW64 07:42:26.0692 7748 Processor architecture: Intel x64 07:42:26.0692 7748 Number of processors: 4 07:42:26.0692 7748 Page size: 0x1000 07:42:26.0692 7748 Boot type: Normal boot 07:42:26.0692 7748 ============================================================ 07:42:27.0401 7748 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 07:42:27.0413 7748 ============================================================ 07:42:27.0413 7748 \Device\Harddisk0\DR0: 07:42:27.0419 7748 MBR partitions: 07:42:27.0419 7748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x38EC9000 07:42:27.0419 7748 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B6C983E, BlocksNum 0x3903C183 07:42:27.0419 7748 ============================================================ 07:42:27.0464 7748 C: <-> \Device\Harddisk0\DR0\Partition1 07:42:27.0492 7748 D: <-> \Device\Harddisk0\DR0\Partition2 07:42:27.0506 7748 ============================================================ 07:42:27.0506 7748 Initialize success 07:42:27.0506 7748 ============================================================ 07:42:37.0229 9128 ============================================================ 07:42:37.0229 9128 Scan started 07:42:37.0229 9128 Mode: Manual; SigCheck; TDLFS; 
07:42:37.0229 9128 ============================================================ 07:42:39.0179 9128 ================ Scan system memory ======================== 07:42:39.0179 9128 System memory - ok 07:42:39.0180 9128 ================ Scan services ============================= 07:43:00.0065 9128 0204311369124529mcinstcleanup - ok 07:43:00.0176 9128 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 07:43:00.0438 9128 ACPI - ok 07:43:00.0567 9128 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 07:43:00.0602 9128 AdobeFlashPlayerUpdateSvc - ok 07:43:00.0676 9128 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 07:43:00.0742 9128 adp94xx - ok 07:43:00.0811 9128 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 07:43:00.0855 9128 adpahci - ok 07:43:00.0874 9128 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 07:43:00.0909 9128 adpu160m - ok 07:43:00.0919 9128 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 07:43:00.0944 9128 adpu320 - ok 07:43:00.0993 9128 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 07:43:01.0136 9128 AeLookupSvc - ok 07:43:01.0186 9128 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 07:43:01.0265 9128 AFD - ok 07:43:01.0295 9128 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 07:43:01.0312 9128 agp440 - ok 07:43:01.0346 9128 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 07:43:01.0365 9128 aic78xx - ok 07:43:01.0395 9128 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 07:43:01.0575 9128 ALG - ok 07:43:01.0615 9128 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 07:43:01.0645 9128 aliide - ok 07:43:01.0674 9128 [ 
970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 07:43:01.0705 9128 amdide - ok 07:43:01.0724 9128 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 07:43:01.0806 9128 AmdK8 - ok 07:43:01.0918 9128 [ 8549D4B927C6AE13A118296F2251CC51 ] APNMCP C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe 07:43:01.0951 9128 APNMCP - ok 07:43:02.0006 9128 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 07:43:02.0073 9128 Appinfo - ok 07:43:02.0110 9128 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 07:43:02.0144 9128 arc - ok 07:43:02.0174 9128 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 07:43:02.0208 9128 arcsas - ok 07:43:02.0531 9128 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 07:43:02.0630 9128 aspnet_state - ok 07:43:02.0669 9128 [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 07:43:02.0782 9128 aswFsBlk - ok 07:43:02.0833 9128 [ E0106296D9BAF77F94BDC46A6300310C ] aswFW C:\Windows\system32\drivers\aswFW.sys 07:43:02.0867 9128 aswFW - ok 07:43:02.0930 9128 [ 36949EB7E71C5779C5163AF6AFB2A161 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 07:43:02.0959 9128 aswKbd - ok 07:43:02.0999 9128 [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 07:43:03.0031 9128 aswMonFlt - ok 07:43:03.0049 9128 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys 07:43:03.0065 9128 aswNdis - ok 07:43:03.0101 9128 [ 37D73565082D0CBFE62EA436EF4AE998 ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys 07:43:03.0131 9128 aswNdis2 - ok 07:43:03.0153 9128 [ EC4BC131437D17DD40D0243D7CB875C0 ] AswRdr C:\Windows\system32\drivers\AswRdr.sys 07:43:03.0170 9128 AswRdr - ok 07:43:03.0216 9128 [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt 
C:\Windows\system32\drivers\aswRvrt.sys 07:43:03.0237 9128 aswRvrt - ok 07:43:03.0275 9128 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 07:43:03.0340 9128 aswSnx - ok 07:43:03.0377 9128 [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP C:\Windows\system32\drivers\aswSP.sys 07:43:03.0437 9128 aswSP - ok 07:43:03.0481 9128 [ D62C10D1829C65115111C160EA956260 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 07:43:03.0513 9128 aswTdi - ok 07:43:03.0549 9128 [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 07:43:03.0585 9128 aswVmm - ok 07:43:03.0627 9128 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 07:43:03.0713 9128 AsyncMac - ok 07:43:03.0760 9128 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 07:43:03.0793 9128 atapi - ok 07:43:03.0879 9128 [ 81AC7567F476AA6D9AE7C84C4B3A5F81 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 07:43:03.0984 9128 Ati External Event Utility - ok 07:43:04.0391 9128 [ 8EA545F0F90E6388DCACA8F4F9404DC5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 07:43:04.0644 9128 atikmdag - ok 07:43:04.0687 9128 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 07:43:04.0755 9128 AudioEndpointBuilder - ok 07:43:04.0767 9128 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 07:43:04.0841 9128 AudioSrv - ok 07:43:04.0896 9128 [ F431DC5D94F4B2FDBC927655D8A9B10E ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe 07:43:04.0912 9128 Autodesk Content Service - ok 07:43:05.0083 9128 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 07:43:05.0100 9128 avast! Antivirus - ok 07:43:05.0148 9128 [ DA387EDDBA421A7A8132E256343C2799 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe 07:43:05.0166 9128 avast! 
Firewall - ok 07:43:05.0197 9128 AVFSFilter - ok 07:43:05.0378 9128 [ 4AA81E69A0A99035392880DBC953B1A1 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe 07:43:05.0417 9128 BBSvc - ok 07:43:05.0503 9128 [ 49CBA45AB82D25A6FFC4ECB3307BC9E7 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe 07:43:05.0543 9128 BBUpdate - ok 07:43:05.0594 9128 [ 1381FBB6547BFD901DF32950975038EB ] bdfsfltr C:\Windows\system32\DRIVERS\bdfsfltr.sys 07:43:05.0628 9128 bdfsfltr - ok 07:43:05.0725 9128 [ 20E5855A9DDF35E25D87887E225A5043 ] bdftdif C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys 07:43:05.0756 9128 bdftdif - ok 07:43:05.0820 9128 BDSelfPr - ok 07:43:05.0827 9128 Beep - ok 07:43:05.0887 9128 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 07:43:06.0023 9128 BFE - ok 07:43:06.0102 9128 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll 07:43:06.0291 9128 BITS - ok 07:43:06.0324 9128 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 07:43:06.0403 9128 blbdrive - ok 07:43:06.0444 9128 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 07:43:06.0517 9128 bowser - ok 07:43:06.0543 9128 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 07:43:06.0619 9128 BrFiltLo - ok 07:43:06.0635 9128 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 07:43:06.0684 9128 BrFiltUp - ok 07:43:06.0724 9128 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 07:43:06.0791 9128 Browser - ok 07:43:06.0912 9128 [ 4C260DE6B554A670546578426BB0C604 ] BrowserProtect C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe 07:43:06.0992 9128 BrowserProtect - ok 07:43:07.0028 9128 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 07:43:07.0220 9128 Brserid - ok 
07:43:07.0240 9128 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 07:43:07.0317 9128 BrSerWdm - ok 07:43:07.0323 9128 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 07:43:07.0429 9128 BrUsbMdm - ok 07:43:07.0450 9128 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 07:43:07.0544 9128 BrUsbSer - ok 07:43:07.0558 9128 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 07:43:07.0621 9128 BTHMODEM - ok 07:43:07.0704 9128 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 07:43:07.0762 9128 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning 07:43:07.0762 9128 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1) 07:43:07.0788 9128 catchme - ok 07:43:07.0824 9128 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 07:43:07.0906 9128 cdfs - ok 07:43:07.0951 9128 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 07:43:08.0020 9128 cdrom - ok 07:43:08.0085 9128 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 07:43:08.0150 9128 CertPropSvc - ok 07:43:08.0177 9128 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 07:43:08.0270 9128 circlass - ok 07:43:08.0315 9128 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 07:43:08.0403 9128 CLFS - ok 07:43:08.0487 9128 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:43:08.0519 9128 clr_optimization_v2.0.50727_32 - ok 07:43:08.0569 9128 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 07:43:08.0649 9128 clr_optimization_v2.0.50727_64 - ok 07:43:08.0708 9128 [ C5A75EB48E2344ABDC162BDA79E16841 ] 
clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 07:43:08.0780 9128 clr_optimization_v4.0.30319_32 - ok 07:43:08.0803 9128 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 07:43:08.0865 9128 clr_optimization_v4.0.30319_64 - ok 07:43:08.0890 9128 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 07:43:08.0920 9128 cmdide - ok 07:43:08.0927 9128 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 07:43:08.0957 9128 Compbatt - ok 07:43:08.0965 9128 COMSysApp - ok 07:43:08.0981 9128 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 07:43:08.0999 9128 crcdisk - ok 07:43:09.0050 9128 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll 07:43:09.0113 9128 CryptSvc - ok 07:43:09.0220 9128 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 07:43:09.0329 9128 DcomLaunch - ok 07:43:09.0390 9128 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 07:43:09.0467 9128 DfsC - ok 07:43:09.0585 9128 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 07:43:09.0820 9128 DFSR - ok 07:43:09.0880 9128 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 07:43:09.0983 9128 Dhcp - ok 07:43:10.0011 9128 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 07:43:10.0045 9128 disk - ok 07:43:10.0068 9128 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 07:43:10.0122 9128 Dnscache - ok 07:43:10.0163 9128 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 07:43:10.0235 9128 dot3svc - ok 07:43:10.0284 9128 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 07:43:10.0376 9128 DPS - ok 07:43:10.0403 9128 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud 
C:\Windows\system32\drivers\drmkaud.sys 07:43:10.0474 9128 drmkaud - ok 07:43:10.0522 9128 [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 07:43:10.0626 9128 DXGKrnl - ok 07:43:10.0650 9128 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 07:43:10.0733 9128 E1G60 - ok 07:43:10.0766 9128 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 07:43:10.0860 9128 EapHost - ok 07:43:10.0891 9128 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 07:43:10.0927 9128 Ecache - ok 07:43:11.0020 9128 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 07:43:11.0081 9128 ehRecvr - ok 07:43:11.0101 9128 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 07:43:11.0134 9128 ehSched - ok 07:43:11.0157 9128 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 07:43:11.0217 9128 ehstart - ok 07:43:11.0247 9128 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 07:43:11.0273 9128 elxstor - ok 07:43:11.0313 9128 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 07:43:11.0400 9128 EMDMgmt - ok 07:43:11.0418 9128 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 07:43:11.0463 9128 ErrDev - ok 07:43:11.0511 9128 [ 20D3741680AB88269BADCDB161B36705 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 07:43:11.0538 9128 ETService ( UnsignedFile.Multi.Generic ) - warning 07:43:11.0539 9128 ETService - detected UnsignedFile.Multi.Generic (1) 07:43:11.0591 9128 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 07:43:11.0678 9128 EventSystem - ok 07:43:11.0742 9128 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 07:43:11.0801 9128 exfat - ok 07:43:11.0840 9128 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat 
C:\Windows\system32\drivers\fastfat.sys 07:43:11.0926 9128 fastfat - ok 07:43:11.0946 9128 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 07:43:12.0016 9128 fdc - ok 07:43:12.0062 9128 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 07:43:12.0156 9128 fdPHost - ok 07:43:12.0182 9128 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 07:43:12.0285 9128 FDResPub - ok 07:43:12.0303 9128 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 07:43:12.0334 9128 FileInfo - ok 07:43:12.0370 9128 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 07:43:12.0432 9128 Filetrace - ok 07:43:12.0812 9128 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe 07:43:12.0968 9128 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 07:43:12.0968 9128 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 07:43:13.0124 9128 [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 07:43:13.0243 9128 FLEXnet Licensing Service 64 - ok 07:43:13.0274 9128 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 07:43:13.0343 9128 flpydisk - ok 07:43:13.0400 9128 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 07:43:13.0442 9128 FltMgr - ok 07:43:13.0484 9128 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 07:43:13.0513 9128 FontCache3.0.0.0 - ok 07:43:13.0613 9128 [ 03EC8C6EEB24E245DAD858C9FC6A1B68 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\bin32\nSvcAppFlt.exe 07:43:13.0697 9128 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning 
07:43:13.0697 9128 ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1) 07:43:13.0728 9128 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 07:43:13.0758 9128 fssfltr - ok 07:43:13.0868 9128 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 07:43:13.0952 9128 fsssvc - ok 07:43:14.0018 9128 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 07:43:14.0085 9128 Fs_Rec - ok 07:43:14.0120 9128 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 07:43:14.0154 9128 gagp30kx - ok 07:43:14.0198 9128 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys 07:43:14.0226 9128 ggflt - ok 07:43:14.0264 9128 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys 07:43:14.0292 9128 ggsemc - ok 07:43:14.0385 9128 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 07:43:14.0469 9128 gpsvc - ok 07:43:14.0550 9128 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 07:43:14.0581 9128 gupdate - ok 07:43:14.0650 9128 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 07:43:14.0679 9128 gupdatem - ok 07:43:14.0725 9128 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 07:43:14.0758 9128 gusvc - ok 07:43:14.0805 9128 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 07:43:14.0851 9128 HdAudAddService - ok 07:43:14.0887 9128 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 07:43:15.0045 9128 HDAudBus - ok 07:43:15.0068 9128 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 07:43:15.0188 9128 HidBth - ok 07:43:15.0209 9128 [ 
4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 07:43:15.0325 9128 HidIr - ok 07:43:15.0386 9128 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll 07:43:15.0465 9128 hidserv - ok 07:43:15.0495 9128 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 07:43:15.0547 9128 HidUsb - ok 07:43:15.0571 9128 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 07:43:15.0620 9128 hkmsvc - ok 07:43:15.0659 9128 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 07:43:15.0677 9128 HpCISSs - ok 07:43:15.0727 9128 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 07:43:15.0808 9128 HTTP - ok 07:43:15.0833 9128 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 07:43:15.0850 9128 i2omp - ok 07:43:15.0879 9128 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 07:43:15.0922 9128 i8042prt - ok 07:43:15.0932 9128 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 07:43:15.0956 9128 iaStorV - ok 07:43:16.0022 9128 [ 2B794D16EA8D5A8BBFC2E066E855D790 ] IB Updater C:\Program Files\IB Updater\ExtensionUpdaterService.exe 07:43:16.0039 9128 IB Updater - ok 07:43:16.0109 9128 [ 7A95A3AD931B97FEC5067E40636CE37F ] ICQ Service C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe 07:43:16.0128 9128 ICQ Service - ok 07:43:16.0198 9128 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 07:43:16.0222 9128 IDriverT ( UnsignedFile.Multi.Generic ) - warning 07:43:16.0223 9128 IDriverT - detected UnsignedFile.Multi.Generic (1) 07:43:16.0381 9128 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 07:43:16.0456 9128 idsvc - ok 07:43:16.0471 9128 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] 
iirsp C:\Windows\system32\drivers\iirsp.sys 07:43:16.0503 9128 iirsp - ok 07:43:16.0535 9128 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 07:43:16.0661 9128 IKEEXT - ok 07:43:16.0728 9128 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys 07:43:16.0757 9128 int15 - ok 07:43:16.0848 9128 [ 2C62599E693372A9221C262B8040E3AC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 07:43:16.0961 9128 IntcAzAudAddService - ok 07:43:16.0983 9128 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 07:43:17.0015 9128 intelide - ok 07:43:17.0060 9128 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 07:43:17.0148 9128 intelppm - ok 07:43:17.0178 9128 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 07:43:17.0268 9128 IPBusEnum - ok 07:43:17.0319 9128 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 07:43:17.0373 9128 IpFilterDriver - ok 07:43:17.0401 9128 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 07:43:17.0491 9128 iphlpsvc - ok 07:43:17.0499 9128 IpInIp - ok 07:43:17.0521 9128 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 07:43:17.0583 9128 IPMIDRV - ok 07:43:17.0612 9128 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 07:43:17.0685 9128 IPNAT - ok 07:43:17.0713 9128 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 07:43:17.0767 9128 IRENUM - ok 07:43:17.0799 9128 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 07:43:17.0816 9128 isapnp - ok 07:43:17.0944 9128 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 07:43:17.0983 9128 iScsiPrt - ok 07:43:18.0022 9128 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 
07:43:18.0052 9128 iteatapi - ok 07:43:18.0108 9128 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 07:43:18.0126 9128 iteraid - ok 07:43:18.0152 9128 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 07:43:18.0171 9128 kbdclass - ok 07:43:18.0195 9128 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 07:43:18.0244 9128 kbdhid - ok 07:43:18.0270 9128 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 07:43:18.0317 9128 KeyIso - ok 07:43:18.0358 9128 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 07:43:18.0407 9128 KSecDD - ok 07:43:18.0449 9128 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 07:43:18.0532 9128 ksthunk - ok 07:43:18.0613 9128 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 07:43:18.0744 9128 KtmRm - ok 07:43:18.0769 9128 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll 07:43:18.0844 9128 LanmanServer - ok 07:43:18.0893 9128 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 07:43:18.0982 9128 LanmanWorkstation - ok 07:43:19.0039 9128 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 07:43:19.0049 9128 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 07:43:19.0050 9128 LightScribeService - detected UnsignedFile.Multi.Generic (1) 07:43:19.0171 9128 [ 94E3D35A8B34277E70E2585D1964AAA3 ] LIVESRV C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe 07:43:19.0304 9128 LIVESRV ( UnsignedFile.Multi.Generic ) - warning 07:43:19.0304 9128 LIVESRV - detected UnsignedFile.Multi.Generic (1) 07:43:19.0341 9128 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 07:43:19.0422 9128 lltdio - ok 07:43:19.0507 9128 [ 
961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 07:43:19.0610 9128 lltdsvc - ok 07:43:19.0654 9128 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 07:43:19.0759 9128 lmhosts - ok 07:43:19.0778 9128 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 07:43:19.0813 9128 LSI_FC - ok 07:43:19.0831 9128 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 07:43:19.0867 9128 LSI_SAS - ok 07:43:19.0894 9128 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 07:43:19.0930 9128 LSI_SCSI - ok 07:43:19.0961 9128 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 07:43:20.0014 9128 luafv - ok 07:43:20.0049 9128 [ 8BB169810C66B32364886A8751325181 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 07:43:20.0071 9128 LVRS64 - ok 07:43:20.0183 9128 [ D49858FB1432A0601FCE2A9E452D6BC9 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 07:43:20.0662 9128 LVUVC64 - ok 07:43:20.0984 9128 [ F8040A47A0E447F96144A8D3E1170119 ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe 07:43:21.0015 9128 McAfee SiteAdvisor Service - ok 07:43:21.0044 9128 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 07:43:21.0080 9128 Mcx2Svc - ok 07:43:21.0115 9128 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 07:43:21.0148 9128 megasas - ok 07:43:21.0180 9128 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 07:43:21.0227 9128 MegaSR - ok 07:43:21.0264 9128 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 07:43:21.0327 9128 MMCSS - ok 07:43:21.0345 9128 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 07:43:21.0394 9128 Modem - ok 07:43:21.0418 9128 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 07:43:21.0457 9128 monitor - 
ok 07:43:21.0474 9128 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 07:43:21.0495 9128 mouclass - ok 07:43:21.0528 9128 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 07:43:21.0589 9128 mouhid - ok 07:43:21.0610 9128 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 07:43:21.0628 9128 MountMgr - ok 07:43:21.0688 9128 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 07:43:21.0708 9128 mpio - ok 07:43:21.0725 9128 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 07:43:21.0777 9128 mpsdrv - ok 07:43:21.0912 9128 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 07:43:21.0979 9128 MpsSvc - ok 07:43:21.0989 9128 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 07:43:22.0006 9128 Mraid35x - ok 07:43:22.0032 9128 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 07:43:22.0066 9128 MRxDAV - ok 07:43:22.0112 9128 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 07:43:22.0163 9128 mrxsmb - ok 07:43:22.0191 9128 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 07:43:22.0232 9128 mrxsmb10 - ok 07:43:22.0259 9128 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 07:43:22.0296 9128 mrxsmb20 - ok 07:43:22.0330 9128 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 07:43:22.0362 9128 msahci - ok 07:43:22.0370 9128 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 07:43:22.0406 9128 msdsm - ok 07:43:22.0431 9128 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 07:43:22.0495 9128 MSDTC - ok 07:43:22.0526 9128 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 07:43:22.0576 9128 Msfs - ok 
07:43:22.0597 9128 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 07:43:22.0614 9128 msisadrv - ok 07:43:22.0652 9128 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 07:43:22.0699 9128 MSiSCSI - ok 07:43:22.0706 9128 msiserver - ok 07:43:22.0766 9128 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 07:43:22.0822 9128 MSKSSRV - ok 07:43:22.0848 9128 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 07:43:22.0893 9128 MSPCLOCK - ok 07:43:22.0905 9128 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 07:43:22.0949 9128 MSPQM - ok 07:43:23.0062 9128 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 07:43:23.0104 9128 MsRPC - ok 07:43:23.0130 9128 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 07:43:23.0162 9128 mssmbios - ok 07:43:23.0194 9128 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 07:43:23.0281 9128 MSTEE - ok 07:43:23.0318 9128 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 07:43:23.0352 9128 Mup - ok 07:43:23.0403 9128 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 07:43:23.0541 9128 napagent - ok 07:43:23.0599 9128 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 07:43:23.0653 9128 NativeWifiP - ok 07:43:23.0722 9128 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 07:43:23.0804 9128 NDIS - ok 07:43:23.0826 9128 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 07:43:23.0889 9128 NdisTapi - ok 07:43:23.0920 9128 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 07:43:24.0003 9128 Ndisuio - ok 07:43:24.0046 9128 [ F8158771905260982CE724076419EF19 ] NdisWan 
C:\Windows\system32\DRIVERS\ndiswan.sys 07:43:24.0104 9128 NdisWan - ok 07:43:24.0139 9128 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 07:43:24.0180 9128 NDProxy - ok 07:43:24.0215 9128 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 07:43:24.0304 9128 NetBIOS - ok 07:43:24.0357 9128 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 07:43:24.0416 9128 netbt - ok 07:43:24.0442 9128 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 07:43:24.0477 9128 Netlogon - ok 07:43:24.0616 9128 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 07:43:24.0714 9128 Netman - ok 07:43:24.0789 9128 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 07:43:24.0823 9128 NetMsmqActivator - ok 07:43:24.0830 9128 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 07:43:24.0860 9128 NetPipeActivator - ok 07:43:24.0944 9128 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 07:43:25.0032 9128 netprofm - ok 07:43:25.0039 9128 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 07:43:25.0069 9128 NetTcpActivator - ok 07:43:25.0076 9128 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 07:43:25.0108 9128 NetTcpPortSharing - ok 07:43:25.0137 9128 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 07:43:25.0154 9128 nfrd960 - ok 07:43:25.0176 9128 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 07:43:25.0239 9128 NlaSvc - ok 07:43:25.0282 9128 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 07:43:25.0330 9128 Npfs - ok 07:43:25.0370 9128 npggsvc - ok 07:43:25.0388 
9128 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 07:43:25.0441 9128 nsi - ok 07:43:25.0485 9128 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 07:43:25.0580 9128 nsiproxy - ok 07:43:25.0605 9128 [ C5117E7FF9F373AD470CE5379617F464 ] nSvcIp C:\Program Files\bin32\nSvcIp.exe 07:43:25.0631 9128 nSvcIp ( UnsignedFile.Multi.Generic ) - warning 07:43:25.0631 9128 nSvcIp - detected UnsignedFile.Multi.Generic (1) 07:43:25.0708 9128 [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 07:43:25.0832 9128 Ntfs - ok 07:43:25.0931 9128 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 07:43:25.0985 9128 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning 07:43:25.0985 9128 NTIBackupSvc - detected UnsignedFile.Multi.Generic (1) 07:43:26.0006 9128 [ 7D397449AAF52B0E7C79B64F6AD4473E ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys 07:43:26.0033 9128 NTIDrvr - ok 07:43:26.0047 9128 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 07:43:26.0059 9128 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning 07:43:26.0059 9128 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1) 07:43:26.0070 9128 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 07:43:26.0144 9128 Null - ok 07:43:26.0204 9128 [ 211D111D01D4B74015D4E58E84588F86 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys 07:43:26.0292 9128 NVENETFD - ok 07:43:26.0316 9128 [ 73B0ABBCA290A5709A193C3B6877D34E ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 07:43:26.0331 9128 NVHDA - ok 07:43:27.0054 9128 [ 6169DDFB59E5106523BB660CC12A3657 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 07:43:27.0549 9128 nvlddmkm - ok 07:43:27.0584 9128 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 07:43:27.0622 9128 nvraid - 
ok 07:43:27.0655 9128 [ F6C6D8298DD85507F680437EC2E6899C ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys 07:43:27.0669 9128 nvsmu - ok 07:43:27.0684 9128 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 07:43:27.0703 9128 nvstor - ok 07:43:27.0718 9128 [ 14E8409CCE4BFC7591F8697A8748DC5B ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 07:43:27.0735 9128 nvstor64 - ok 07:43:27.0790 9128 [ 6D8D2B6740CD5788DCD06893C0972E80 ] nvsvc C:\Windows\system32\nvvsvc.exe 07:43:27.0854 9128 nvsvc - ok 07:43:27.0876 9128 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 07:43:27.0895 9128 nv_agp - ok 07:43:27.0902 9128 NwlnkFlt - ok 07:43:27.0910 9128 NwlnkFwd - ok 07:43:28.0121 9128 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 07:43:28.0193 9128 odserv - ok 07:43:28.0240 9128 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 07:43:28.0314 9128 ohci1394 - ok 07:43:28.0356 9128 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 07:43:28.0389 9128 ose - ok 07:43:28.0452 9128 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 07:43:28.0564 9128 p2pimsvc - ok 07:43:28.0591 9128 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 07:43:28.0662 9128 p2psvc - ok 07:43:28.0715 9128 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 07:43:28.0841 9128 Parport - ok 07:43:28.0877 9128 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 07:43:28.0910 9128 partmgr - ok 07:43:28.0930 9128 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 07:43:28.0967 9128 PcaSvc - ok 07:43:29.0002 9128 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 07:43:29.0024 9128 pci - ok 07:43:29.0052 9128 [ 
2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys 07:43:29.0069 9128 pciide - ok 07:43:29.0134 9128 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 07:43:29.0170 9128 pcmcia - ok 07:43:29.0232 9128 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 07:43:29.0343 9128 PEAUTH - ok 07:43:29.0582 9128 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 07:43:29.0679 9128 PerfHost - ok 07:43:30.0097 9128 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 07:43:30.0230 9128 pla - ok 07:43:30.0260 9128 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 07:43:30.0336 9128 PlugPlay - ok 07:43:30.0361 9128 PnkBstrA - ok 07:43:30.0406 9128 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 07:43:30.0460 9128 PNRPAutoReg - ok 07:43:30.0530 9128 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 07:43:30.0584 9128 PNRPsvc - ok 07:43:30.0685 9128 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 07:43:30.0885 9128 PolicyAgent - ok 07:43:30.0918 9128 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 07:43:30.0992 9128 PptpMiniport - ok 07:43:31.0016 9128 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys 07:43:31.0082 9128 Processor - ok 07:43:31.0119 9128 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 07:43:31.0163 9128 ProfSvc - ok 07:43:31.0186 9128 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 07:43:31.0205 9128 ProtectedStorage - ok 07:43:31.0258 9128 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 07:43:31.0288 9128 PSched - ok 07:43:31.0318 9128 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 07:43:31.0415 9128 
ql2300 - ok 07:43:31.0423 9128 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 07:43:31.0441 9128 ql40xx - ok 07:43:31.0470 9128 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 07:43:31.0508 9128 QWAVE - ok 07:43:31.0531 9128 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 07:43:31.0551 9128 QWAVEdrv - ok 07:43:31.0573 9128 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 07:43:31.0631 9128 RasAcd - ok 07:43:31.0654 9128 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 07:43:31.0704 9128 RasAuto - ok 07:43:31.0726 9128 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 07:43:31.0775 9128 Rasl2tp - ok 07:43:31.0804 9128 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 07:43:31.0840 9128 RasMan - ok 07:43:31.0866 9128 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 07:43:31.0907 9128 RasPppoe - ok 07:43:31.0922 9128 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 07:43:31.0951 9128 RasSstp - ok 07:43:31.0984 9128 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 07:43:32.0017 9128 rdbss - ok 07:43:32.0037 9128 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 07:43:32.0074 9128 RDPCDD - ok 07:43:32.0122 9128 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 07:43:32.0176 9128 rdpdr - ok 07:43:32.0182 9128 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 07:43:32.0227 9128 RDPENCDD - ok 07:43:32.0268 9128 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 07:43:32.0321 9128 RDPWD - ok 07:43:32.0352 9128 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 07:43:32.0445 9128 RemoteAccess - 
ok 07:43:32.0476 9128 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 07:43:32.0556 9128 RemoteRegistry - ok 07:43:32.0591 9128 [ C1C132455200AD4704142442C89D0FA4 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 07:43:32.0620 9128 RichVideo ( UnsignedFile.Multi.Generic ) - warning 07:43:32.0620 9128 RichVideo - detected UnsignedFile.Multi.Generic (1) 07:43:32.0652 9128 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 07:43:32.0702 9128 RpcLocator - ok 07:43:32.0756 9128 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 07:43:32.0830 9128 RpcSs - ok 07:43:32.0856 9128 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 07:43:32.0894 9128 rspndr - ok 07:43:32.0909 9128 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 07:43:32.0927 9128 SamSs - ok 07:43:32.0949 9128 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 07:43:32.0967 9128 sbp2port - ok 07:43:33.0071 9128 [ 144F1AF19E9DBE23201B705FA2BDEF27 ] scan C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll 07:43:33.0097 9128 scan ( UnsignedFile.Multi.Generic ) - warning 07:43:33.0097 9128 scan - detected UnsignedFile.Multi.Generic (1) 07:43:33.0127 9128 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 07:43:33.0202 9128 SCardSvr - ok 07:43:33.0401 9128 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 07:43:33.0494 9128 Schedule - ok 07:43:33.0529 9128 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 07:43:33.0583 9128 SCPolicySvc - ok 07:43:33.0619 9128 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 07:43:33.0722 9128 SDRSVC - ok 07:43:33.0768 9128 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 
07:43:33.0784 9128 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning 07:43:33.0784 9128 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1) 07:43:33.0810 9128 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 07:43:33.0880 9128 secdrv - ok 07:43:33.0908 9128 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 07:43:33.0961 9128 seclogon - ok 07:43:34.0011 9128 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys 07:43:34.0053 9128 seehcri - ok 07:43:34.0065 9128 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll 07:43:34.0118 9128 SENS - ok 07:43:34.0151 9128 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 07:43:34.0235 9128 Serenum - ok 07:43:34.0253 9128 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 07:43:34.0318 9128 Serial - ok 07:43:34.0324 9128 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 07:43:34.0378 9128 sermouse - ok 07:43:34.0418 9128 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 07:43:34.0474 9128 SessionEnv - ok 07:43:34.0486 9128 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 07:43:34.0542 9128 sffdisk - ok 07:43:34.0564 9128 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 07:43:34.0617 9128 sffp_mmc - ok 07:43:34.0634 9128 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 07:43:34.0692 9128 sffp_sd - ok 07:43:34.0717 9128 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 07:43:34.0790 9128 sfloppy - ok 07:43:34.0817 9128 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 07:43:34.0892 9128 SharedAccess - ok 07:43:34.0933 9128 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection 
C:\Windows\System32\shsvcs.dll 07:43:35.0001 9128 ShellHWDetection - ok 07:43:35.0008 9128 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 07:43:35.0026 9128 SiSRaid2 - ok 07:43:35.0042 9128 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 07:43:35.0060 9128 SiSRaid4 - ok 07:43:35.0101 9128 [ DAEBFA1E3F7491F1C1F73F9451CB3D0E ] SiteAdvisor Service C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe 07:43:35.0122 9128 SiteAdvisor Service - ok 07:43:35.0219 9128 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 07:43:35.0242 9128 SkypeUpdate - ok 07:43:35.0352 9128 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 07:43:35.0556 9128 slsvc - ok 07:43:35.0590 9128 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 07:43:35.0645 9128 SLUINotify - ok 07:43:35.0678 9128 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 07:43:35.0739 9128 Smb - ok 07:43:35.0770 9128 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 07:43:35.0809 9128 SNMPTRAP - ok 07:43:35.0897 9128 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 07:43:35.0922 9128 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - warning 07:43:35.0922 9128 Sony Ericsson PCCompanion - detected UnsignedFile.Multi.Generic (1) 07:43:35.0957 9128 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 07:43:35.0990 9128 spldr - ok 07:43:36.0027 9128 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 07:43:36.0099 9128 Spooler - ok 07:43:36.0131 9128 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 07:43:36.0227 9128 srv - ok 07:43:36.0272 9128 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 
C:\Windows\system32\DRIVERS\srv2.sys 07:43:36.0356 9128 srv2 - ok 07:43:36.0378 9128 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 07:43:36.0427 9128 srvnet - ok 07:43:36.0474 9128 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 07:43:36.0571 9128 SSDPSRV - ok 07:43:36.0631 9128 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 07:43:36.0690 9128 SstpSvc - ok 07:43:36.0729 9128 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 07:43:36.0803 9128 stisvc - ok 07:43:36.0831 9128 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 07:43:36.0861 9128 swenum - ok 07:43:36.0917 9128 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 07:43:37.0024 9128 swprv - ok 07:43:37.0042 9128 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 07:43:37.0059 9128 Symc8xx - ok 07:43:37.0066 9128 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 07:43:37.0092 9128 Sym_hi - ok 07:43:37.0098 9128 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 07:43:37.0126 9128 Sym_u3 - ok 07:43:37.0275 9128 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 07:43:37.0374 9128 SysMain - ok 07:43:37.0411 9128 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 07:43:37.0462 9128 TabletInputService - ok 07:43:37.0546 9128 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 07:43:37.0621 9128 TapiSrv - ok 07:43:37.0645 9128 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 07:43:37.0699 9128 TBS - ok 07:43:37.0878 9128 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 07:43:38.0017 9128 Tcpip - ok 07:43:38.0057 9128 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 
07:43:38.0157 9128 Tcpip6 - ok 07:43:38.0183 9128 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 07:43:38.0299 9128 tcpipreg - ok 07:43:38.0328 9128 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 07:43:38.0407 9128 TDPIPE - ok 07:43:38.0420 9128 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 07:43:38.0502 9128 TDTCP - ok 07:43:38.0541 9128 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 07:43:38.0594 9128 tdx - ok 07:43:38.0670 9128 [ 42D4B341CEF8B2CF4A31E289CDD1BBE3 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe 07:43:39.0165 9128 TeamViewer6 - ok 07:43:39.0200 9128 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 07:43:39.0234 9128 TermDD - ok 07:43:39.0336 9128 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 07:43:39.0447 9128 TermService - ok 07:43:39.0478 9128 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 07:43:39.0520 9128 Themes - ok 07:43:39.0575 9128 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 07:43:39.0614 9128 THREADORDER - ok 07:43:39.0643 9128 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 07:43:39.0695 9128 TrkWks - ok 07:43:39.0736 9128 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 07:43:39.0786 9128 TrustedInstaller - ok 07:43:39.0831 9128 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 07:43:39.0906 9128 tssecsrv - ok 07:43:39.0998 9128 [ EE1BD87C9F470945D41F54585DBC989A ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe 07:43:40.0097 9128 TuneUp.UtilitiesSvc - ok 07:43:40.0124 9128 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 
2012\TuneUpUtilitiesDriver64.sys 07:43:40.0139 9128 TuneUpUtilitiesDrv - ok 07:43:40.0170 9128 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 07:43:40.0224 9128 tunmp - ok 07:43:40.0242 9128 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 07:43:40.0288 9128 tunnel - ok 07:43:40.0321 9128 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 07:43:40.0355 9128 uagp35 - ok 07:43:40.0375 9128 [ 00C8CE31657624A125FDB90EFD554371 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 07:43:40.0401 9128 UBHelper - ok 07:43:40.0528 9128 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 07:43:40.0607 9128 udfs - ok 07:43:40.0658 9128 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 07:43:40.0701 9128 UI0Detect - ok 07:43:40.0765 9128 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 07:43:40.0783 9128 uliagpkx - ok 07:43:40.0806 9128 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 07:43:40.0829 9128 uliahci - ok 07:43:40.0836 9128 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 07:43:40.0855 9128 UlSata - ok 07:43:40.0863 9128 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 07:43:40.0890 9128 ulsata2 - ok 07:43:40.0902 9128 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 07:43:40.0940 9128 umbus - ok 07:43:40.0995 9128 [ 6AA98EEB910E3D3A718592834EBE61D7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 07:43:41.0018 9128 UMVPFSrv - ok 07:43:41.0047 9128 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 07:43:41.0165 9128 upnphost - ok 07:43:41.0206 9128 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 07:43:41.0275 9128 usbaudio - ok 07:43:41.0316 9128 [ 
07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 07:43:41.0393 9128 usbccgp - ok 07:43:41.0416 9128 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 07:43:41.0535 9128 usbcir - ok 07:43:41.0549 9128 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 07:43:41.0591 9128 usbehci - ok 07:43:41.0615 9128 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 07:43:41.0664 9128 usbhub - ok 07:43:41.0689 9128 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 07:43:41.0730 9128 usbohci - ok 07:43:41.0745 9128 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys 07:43:41.0844 9128 usbprint - ok 07:43:41.0866 9128 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 07:43:41.0935 9128 USBSTOR - ok 07:43:41.0953 9128 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 07:43:41.0988 9128 usbuhci - ok 07:43:42.0020 9128 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 07:43:42.0086 9128 usbvideo - ok 07:43:42.0126 9128 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 07:43:42.0167 9128 UxSms - ok 07:43:42.0232 9128 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 07:43:42.0288 9128 vds - ok 07:43:42.0303 9128 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 07:43:42.0356 9128 vga - ok 07:43:42.0395 9128 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 07:43:42.0449 9128 VgaSave - ok 07:43:42.0470 9128 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 07:43:42.0486 9128 viaide - ok 07:43:42.0495 9128 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 07:43:42.0513 9128 volmgr - ok 07:43:42.0560 9128 [ 
CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 07:43:42.0586 9128 volmgrx - ok 07:43:42.0633 9128 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys 07:43:42.0654 9128 volsnap - ok 07:43:42.0682 9128 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 07:43:42.0702 9128 vsmraid - ok 07:43:42.0760 9128 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 07:43:42.0936 9128 VSS - ok 07:43:43.0140 9128 [ 835FF57B3CD435E517A3B89239B077E7 ] VSSERV C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe 07:43:43.0290 9128 VSSERV ( UnsignedFile.Multi.Generic ) - warning 07:43:43.0290 9128 VSSERV - detected UnsignedFile.Multi.Generic (1) 07:43:43.0342 9128 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 07:43:43.0441 9128 W32Time - ok 07:43:43.0471 9128 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 07:43:43.0580 9128 WacomPen - ok 07:43:43.0620 9128 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 07:43:43.0695 9128 Wanarp - ok 07:43:43.0701 9128 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 07:43:43.0750 9128 Wanarpv6 - ok 07:43:43.0812 9128 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 07:43:43.0868 9128 wcncsvc - ok 07:43:43.0894 9128 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 07:43:43.0937 9128 WcsPlugInService - ok 07:43:43.0961 9128 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 07:43:43.0978 9128 Wd - ok 07:43:44.0009 9128 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 07:43:44.0071 9128 Wdf01000 - ok 07:43:44.0084 9128 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 07:43:44.0138 9128 WdiServiceHost - ok 07:43:44.0144 9128 [ 
C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 07:43:44.0184 9128 WdiSystemHost - ok 07:43:44.0219 9128 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 07:43:44.0282 9128 WebClient - ok 07:43:44.0308 9128 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll 07:43:44.0352 9128 Wecsvc - ok 07:43:44.0362 9128 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 07:43:44.0398 9128 wercplsupport - ok 07:43:44.0417 9128 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 07:43:44.0468 9128 WerSvc - ok 07:43:44.0500 9128 WinDefend - ok 07:43:44.0513 9128 WinHttpAutoProxySvc - ok 07:43:44.0589 9128 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 07:43:44.0635 9128 Winmgmt - ok 07:43:44.0723 9128 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll 07:43:44.0863 9128 WinRM - ok 07:43:44.0926 9128 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys 07:43:44.0993 9128 WinUSB - ok 07:43:45.0081 9128 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 07:43:45.0163 9128 Wlansvc - ok 07:43:45.0214 9128 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 07:43:45.0262 9128 WmiAcpi - ok 07:43:45.0301 9128 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 07:43:45.0359 9128 wmiApSrv - ok 07:43:45.0388 9128 WMPNetworkSvc - ok 07:43:45.0425 9128 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 07:43:45.0501 9128 WPCSvc - ok 07:43:45.0523 9128 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 07:43:45.0599 9128 WPDBusEnum - ok 07:43:45.0866 9128 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 07:43:45.0967 9128 WPFFontCache_v0400 - 
ok 07:43:45.0996 9128 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 07:43:46.0057 9128 ws2ifsl - ok 07:43:46.0108 9128 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll 07:43:46.0131 9128 wscsvc - ok 07:43:46.0137 9128 WSearch - ok 07:43:46.0281 9128 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 07:43:46.0431 9128 wuauserv - ok 07:43:46.0487 9128 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 07:43:46.0601 9128 WUDFRd - ok 07:43:46.0633 9128 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll 07:43:46.0710 9128 wudfsvc - ok 07:43:46.0751 9128 [ 654F7A9A450F3A19618F53E4888A7692 ] XCOMM C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe 07:43:46.0758 9128 XCOMM ( UnsignedFile.Multi.Generic ) - warning 07:43:46.0758 9128 XCOMM - detected UnsignedFile.Multi.Generic (1) 07:43:46.0764 9128 ================ Scan global =============================== 07:43:46.0783 9128 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 07:43:46.0809 9128 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 07:43:46.0848 9128 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 07:43:46.0881 9128 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe 07:43:46.0891 9128 [Global] - ok 07:43:46.0892 9128 ================ Scan MBR ================================== 07:43:46.0900 9128 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0 07:43:50.0362 9128 \Device\Harddisk0\DR0 - ok 07:43:50.0363 9128 ================ Scan VBR ================================== 07:43:50.0399 9128 [ 274C9AF179B2F1CAB9B3D10FB136351E ] \Device\Harddisk0\DR0\Partition1 07:43:50.0409 9128 \Device\Harddisk0\DR0\Partition1 - ok 07:43:50.0435 9128 [ DDE409F505314754E3C3285FB8B2D751 ] \Device\Harddisk0\DR0\Partition2 07:43:50.0462 9128 \Device\Harddisk0\DR0\Partition2 - 
ok 07:43:50.0462 9128 ============================================================ 07:43:50.0462 9128 Scan finished 07:43:50.0462 9128 ============================================================ 07:43:50.0479 5192 Detected object count: 16 07:43:50.0479 5192 Actual detected object count: 16 07:50:53.0601 5192 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0601 5192 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0604 5192 ETService ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0604 5192 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0607 5192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0607 5192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0610 5192 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0610 5192 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0612 5192 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0612 5192 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0615 5192 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0615 5192 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0618 5192 LIVESRV ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0618 5192 LIVESRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0620 5192 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0620 5192 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0623 5192 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0623 5192 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0626 5192 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user 
07:50:53.0626 5192 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0628 5192 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0629 5192 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0631 5192 scan ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0631 5192 scan ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0634 5192 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0634 5192 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0636 5192 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0637 5192 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0639 5192 VSSERV ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0639 5192 VSSERV ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:50:53.0642 5192 XCOMM ( UnsignedFile.Multi.Generic ) - skipped by user 07:50:53.0642 5192 XCOMM ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:51:00.0062 3948 Deinitialize success |
22.05.2013, 07:51 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove facebook.vbs? JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
23.05.2013, 21:16 | #25 |
| How do I remove facebook.vbs? Don't be surprised, but the "Junkware Removal Tool" just takes an extremely long time on my machine, I don't know why. Okay, first, here is the log file from JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows (TM) Vista Home Premium x64 Ran by Nils on 23.05.2013 at 22:49:56,14 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] icq service Successfully deleted: [Service] icq service ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} ~~~ Registry Keys Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1460988 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2269050 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2431245 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Successfully deleted: [Registry Key] "hkey_current_user\software\apn" Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com" Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\browserprotect" Successfully deleted: [Folder] "C:\ProgramData\ask" Successfully deleted: [Folder] "C:\Users\Nils\AppData\Local\asktoolbar" Successfully deleted: [Folder] "C:\Users\Nils\appdata\locallow\asktoolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com" Failed to delete: [Folder] "C:\Program Files (x86)\askpartnernetwork" Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\user.js Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\bprotector_extensions.sqlite Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\bprotector_prefs.js Successfully deleted: [File] 
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\invalidprefs.js Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcom.xml Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcomsearch.xml Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\conduit.xml Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\mystart search.xml Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\search_results.xml Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\softonic.xml Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\conduitcommon Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchqutoolbar Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\ffxtlbr@babylon.com Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\engine@conduit.com Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\ffxtlbr@incredibar.com Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar@ask.com Failed to delete: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} Successfully deleted: [Folder] 
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829} Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{58BD07EB-0EE0-4DF0-8121-DC9B693373DF} Successfully deleted the following from C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\prefs.js user_pref("browser.search.defaultthis.engineName", "ST-de3 Customized Web Search"); user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"); user_pref("browser.search.selectedEngine", "Ask.com Search"); user_pref("browser.startup.homepage", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc="); user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13,hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13,hxxp:// user_pref("CommunityToolbar.ConduitSearchList", "Web Search,Web Search,Web Search,Web Search,ST-de3 Customized Web Search,Web Search,ST-de3 Customized Web Search,Web Search,ST user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/10896/10676/DE", "\"0\"); user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"); user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1460988", "\"1359611868\"); user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", "\"1334580802\"); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "G9mW7heT/8xIX1frcduu0A=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "G9mW7heT/8xIX1frcduu0A=="); 
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "2E1/v7EfCEDbv3VaBQMELg=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "2E1/v7EfCEDbv3VaBQMELg=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "k9un27OkAvkwB2ZmvXxTnA=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "UgzXjW7BIkfdx+x39Ruv3w=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "4BgM4MhF/sOgPsDNmIs3Yw=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "4BgM4MhF/sOgPsDNmIs3Yw=="); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:0\"); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"); user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1460988", "\"e139de4683379d27a8b98ba428716462\"); user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245", "\"e139de4683379d27a8b98ba428716462\"); user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1460988/CT1460988", "\"0735d987176dff3bbb6eef8ad88778063\"); user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245", "\"d169250793c63879c950ae4d1743944a3\"); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"1a3ee3803418ceee8e35120c2f74f3d8\"); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"c8f4319f4dedb977709a3febbafe5c53\"); user_pref("CommunityToolbar.globalUserId", 
"a7b26036-543a-486c-80db-ed48c75c0e48"); user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2431245"); user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Nils\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\aave9duk.default\\conduitCommon\\modules\\3.18.0.7"); user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7"); user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Apr 16 2013 16:46:39 GMT+0200"); user_pref("CommunityToolbar.notifications.alertEnabled", true); user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Apr 16 2013 16:46:43 GMT+0200"); user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); user_pref("CommunityToolbar.notifications.locale", "en"); user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Apr 16 2013 16:46:36 GMT+0200"); user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); user_pref("CommunityToolbar.notifications.showTrayIcon", false); user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); user_pref("CommunityToolbar.notifications.userId", "7b784112-21a5-45b1-a94b-155652f5c8f1"); user_pref("CommunityToolbar.originalHomepage", "hxxp://search.chatzum.com"); user_pref("CommunityToolbar.originalSearchEngine", "Ask Search"); user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="); user_pref("CommunityToolbar.ToolbarsList", "CT1460988,CT2431245"); 
user_pref("CommunityToolbar.ToolbarsList2", "CT1460988,CT2431245"); user_pref("CommunityToolbar.ToolbarsList4", "CT1460988,CT2431245"); user_pref("CT1460988..clientLogIsEnabled", false); user_pref("CT1460988..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT1460988..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CT1460988.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); user_pref("CT1460988.alertChannelId", "10896"); user_pref("CT1460988.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); user_pref("CT1460988.BrowserCompStateIsOpen_1000515", true); user_pref("CT1460988.BrowserCompStateIsOpen_130040854674636737", true); user_pref("CT1460988.CommunitiesChangesLastCheckTime", "Tue Apr 16 2013 16:46:29 GMT+0200"); user_pref("CT1460988.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=ToolbarsInfo&ctids=CT1669115,CT1670222,CT1668860,CT1667811,CT16 user_pref("CT1460988.CommunityChanged", true); user_pref("CT1460988.components.1000515", true); user_pref("CT1460988.CT1460988", "CT1460988"); user_pref("CT1460988.CT1667811.alertChannelId", "24183"); user_pref("CT1460988.CT1667811.CommunityChanged", true); user_pref("CT1460988.CT1668860.alertChannelId", "24247"); user_pref("CT1460988.CT1668860.CommunityChanged", true); user_pref("CT1460988.CT1668889.alertChannelId", "24250"); user_pref("CT1460988.CT1668889.CommunityChanged", true); user_pref("CT1460988.CT1669100.alertChannelId", "24264"); user_pref("CT1460988.CT1669100.CommunityChanged", true); user_pref("CT1460988.CT1669115.alertChannelId", "24266"); user_pref("CT1460988.CT1669115.CommunityChanged", true); user_pref("CT1460988.CT1670222.alertChannelId", "24349"); user_pref("CT1460988.CT1670222.CommunityChanged", true); user_pref("CT1460988.CT1670245.alertChannelId", "24350"); user_pref("CT1460988.CT1670245.CommunityChanged", true); 
user_pref("CT1460988.CT1729581.alertChannelId", "28311"); user_pref("CT1460988.CT1729581.CommunityChanged", true); user_pref("CT1460988.CT1729585.alertChannelId", "28312"); user_pref("CT1460988.CT1729585.CommunityChanged", true); user_pref("CT1460988.CT1729587.alertChannelId", "28313"); user_pref("CT1460988.CT1729587.CommunityChanged", true); user_pref("CT1460988.CT1729593.alertChannelId", "28315"); user_pref("CT1460988.CT1729593.CommunityChanged", true); user_pref("CT1460988.CT2164362.alertChannelId", "563458"); user_pref("CT1460988.CT2164362.CommunityChanged", true); user_pref("CT1460988.CT2651538.alertChannelId", "1044202"); user_pref("CT1460988.CT2651538.CommunityChanged", true); user_pref("CT1460988.CurrentServerDate", "16-4-2013"); user_pref("CT1460988.DialogsAlignMode", "LTR"); user_pref("CT1460988.DialogsGetterLastCheckTime", "Tue Apr 16 2013 16:46:35 GMT+0200"); user_pref("CT1460988.DownloadReferralCookieData", ""); user_pref("CT1460988.DSInstall", true); user_pref("CT1460988.EMailNotifierPollDate", "Tue Apr 16 2013 16:46:31 GMT+0200"); user_pref("CT1460988.FeedLastCount128460900971181341", 296); user_pref("CT1460988.FeedPollDate128460898315556274", "Tue Apr 16 2013 16:47:01 GMT+0200"); user_pref("CT1460988.FeedPollDate128460899415556929", "Tue Apr 16 2013 16:47:01 GMT+0200"); user_pref("CT1460988.FeedPollDate128460899564463182", "Tue Apr 16 2013 16:47:01 GMT+0200"); user_pref("CT1460988.FeedPollDate128460899661963361", "Tue Apr 16 2013 16:47:01 GMT+0200"); user_pref("CT1460988.FeedPollDate128460899768994715", "Tue Apr 16 2013 16:47:01 GMT+0200"); user_pref("CT1460988.FeedPollDate128479826070094154", "Tue Apr 16 2013 16:47:01 GMT+0200"); user_pref("CT1460988.FeedTTL128460898315556274", 10); user_pref("CT1460988.FeedTTL128460899415556929", 5); user_pref("CT1460988.FeedTTL128460899564463182", 15); user_pref("CT1460988.FeedTTL128460899661963361", 15); user_pref("CT1460988.FirstServerDate", "16-4-2013"); user_pref("CT1460988.FirstTime", true); 
user_pref("CT1460988.FirstTimeFF3", true); user_pref("CT1460988.FirstTimeHiddenVer", true); user_pref("CT1460988.FixPageNotFoundErrors", true); user_pref("CT1460988.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP user_pref("CT1460988.globalFirstTimeInfoLastCheckTime", "Tue Apr 16 2013 16:46:36 GMT+0200"); user_pref("CT1460988.GroupingLastCheckTime", "Tue Apr 16 2013 16:46:29 GMT+0200"); user_pref("CT1460988.GroupingLastErrorCode", ""); user_pref("CT1460988.GroupingLastResponse", true); user_pref("CT1460988.GroupingLastServerUpdateTime", "130105805552070000"); user_pref("CT1460988.GroupingServerCheckInterval", 1440); user_pref("CT1460988.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); user_pref("CT1460988.HasUserGlobalKeys", true); user_pref("CT1460988.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"); user_pref("CT1460988.homepageProtectorEnableByLogin", true); user_pref("CT1460988.HomePageProtectorEnabled", false); user_pref("CT1460988.HPChangedManually", true); user_pref("CT1460988.HPInstall", true); user_pref("CT1460988.initDone", true); user_pref("CT1460988.Initialize", true); user_pref("CT1460988.InitializeCommonPrefs", true); user_pref("CT1460988.InstallationAndCookieDataSentCount", 1); user_pref("CT1460988.InstallationType", "Unknown"); user_pref("CT1460988.InstalledDate", "Tue Apr 16 2013 16:46:34 GMT+0200"); user_pref("CT1460988.InvalidateCache", false); user_pref("CT1460988.isAppTrackingManagerOn", false); user_pref("CT1460988.isFirstRadioInstallation", false); user_pref("CT1460988.IsGrouping", true); user_pref("CT1460988.IsInitSetupIni", true); user_pref("CT1460988.IsMulticommunity", false); user_pref("CT1460988.IsOpenThankYouPage", true); user_pref("CT1460988.IsOpenUninstallPage", true); user_pref("CT1460988.IsProtectorsInit", true); user_pref("CT1460988.LanguagePackLastCheckTime", "Tue Apr 16 2013 
16:46:34 GMT+0200"); user_pref("CT1460988.LanguagePackReloadIntervalMM", 1440); user_pref("CT1460988.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); user_pref("CT1460988.LastLogin_3.18.0.7", "Tue Apr 16 2013 16:47:01 GMT+0200"); user_pref("CT1460988.LatestVersion", "3.18.0.7"); user_pref("CT1460988.Locale", "en-us"); user_pref("CT1460988.MCDetectTooltipHeight", "83"); user_pref("CT1460988.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); user_pref("CT1460988.MCDetectTooltipWidth", "295"); user_pref("CT1460988.myStuffEnabled", true); user_pref("CT1460988.MyStuffEnabledAtInstallation", true); user_pref("CT1460988.myStuffPublihserMinWidth", 400); user_pref("CT1460988.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); user_pref("CT1460988.myStuffServiceIntervalMM", 1440); user_pref("CT1460988.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); user_pref("CT1460988.navigateToUrlOnSearch", false); user_pref("CT1460988.OriginalFirstVersion", "3.18.0.7"); user_pref("CT1460988.RadioIsPodcast", false); user_pref("CT1460988.RadioLastCheckTime", "Tue Apr 16 2013 16:47:00 GMT+0200"); user_pref("CT1460988.RadioLastUpdateIPServer", "3"); user_pref("CT1460988.RadioLastUpdateServer", "128929877726170000"); user_pref("CT1460988.RadioMediaID", "6820481"); user_pref("CT1460988.RadioMediaType", "Media Player"); user_pref("CT1460988.RadioMenuSelectedID", "EBRadioMenu_CT14609886820481"); user_pref("CT1460988.RadioShrinkedFromSetup", false); user_pref("CT1460988.RadioStationName", "100.7%20FM%20ICRT"); user_pref("CT1460988.RadioStationURL", "hxxp://live.giga.net.tw/icrt16.asx"); user_pref("CT1460988.revertSettingsEnabled", true); user_pref("CT1460988.SavedHomepage", "hxxp://search.chatzum.com"); user_pref("CT1460988.SearchCaption", "Web Search"); 
user_pref("CT1460988.SearchEngineBeforeUnload", "ICQ Search"); user_pref("CT1460988.SearchFromAddressBarIsInit", true); user_pref("CT1460988.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="); user_pref("CT1460988.SearchInNewTabEnabled", true); user_pref("CT1460988.SearchInNewTabIntervalMM", 1440); user_pref("CT1460988.SearchInNewTabLastCheckTime", "Tue Apr 16 2013 16:47:02 GMT+0200"); user_pref("CT1460988.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"); user_pref("CT1460988.searchProtectorDialogDelayInSec", 10); user_pref("CT1460988.searchProtectorEnableByLogin", true); user_pref("CT1460988.SearchProtectorEnabled", false); user_pref("CT1460988.SearchProtectorToolbarDisabled", false); user_pref("CT1460988.SendProtectorDataViaLogin", true); user_pref("CT1460988.ServiceMapLastCheckTime", "Tue Apr 16 2013 16:46:30 GMT+0200"); user_pref("CT1460988.SettingsLastCheckTime", "Tue Apr 16 2013 16:46:30 GMT+0200"); user_pref("CT1460988.SettingsLastUpdate", "1366096155"); user_pref("CT1460988.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13"); user_pref("CT1460988.testingCtid", ""); user_pref("CT1460988.ThirdPartyComponentsInterval", 504); user_pref("CT1460988.ThirdPartyComponentsLastCheck", "Tue Apr 16 2013 16:46:29 GMT+0200"); user_pref("CT1460988.ThirdPartyComponentsLastUpdate", "1331805997"); user_pref("CT1460988.toolbarAppMetaDataLastCheckTime", "Tue Apr 16 2013 16:46:36 GMT+0200"); user_pref("CT1460988.toolbarContextMenuLastCheckTime", "Tue Apr 16 2013 16:46:34 GMT+0200"); user_pref("CT1460988.ToolbarShrinkedFromSetup", false); user_pref("CT1460988.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com user_pref("CT1460988.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1460988"); user_pref("CT1460988.UserID", 
user_pref("browser.search.defaultenginename", "Ask.com Search");

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Users\Nils\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Folder] C:\Users\Nils\appdata\local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2013 at 22:58:23,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v2.301 - Datei am 23/05/2013 um 23:02:17 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Nils - NILS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Nils\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : SearchAnonymizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\ChatZum.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\claro.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Public\Desktop\iLivid.lnk
Gelöscht mit Neustart : C:\Program Files (x86)\askpartnernetwork
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Gelöscht mit Neustart : C:\Program Files\Babylon
Gelöscht mit Neustart : C:\Program Files\IB Updater
Gelöscht mit Neustart : C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
Gelöscht mit Neustart : C:\ProgramData\APN
Gelöscht mit Neustart : C:\ProgramData\askpartnernetwork
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Gelöscht mit Neustart : C:\ProgramData\ICQ\ICQToolbar
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Gelöscht mit Neustart : C:\Users\Nils\AppData\Local\askpartnernetwork
Gelöscht mit Neustart : C:\Users\Nils\AppData\Local\PackageAware
Gelöscht mit Neustart : C:\Users\Nils\AppData\Local\Temp\APN
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\Conduit
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT1460988
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT2269050
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT2269050
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT2431245
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT2431245
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(232)
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}(233)
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\welcome@toolmin.com
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\OCS
Gelöscht mit Neustart : C:\Windows\Installer\{069B290F-5398-4629-A009-85B4BCB4B1B9}
Gelöscht mit Neustart : C:\Windows\SysWOW64\BrowserProtect
Gelöscht mit Neustart : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht :
Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}] Wert 
Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] ***** [Internet Browser] ***** -\\ Internet Explorer v7.0.6002.18005 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v5.0.1 (de) Datei : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\prefs.js Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/10896/10676/DE", "\"0\"); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1460988", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1460988",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1460988/CT1460988[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...] Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Nils\\AppData\\Roaming\\Mozilla\\Fi[...] 
Gelöscht : user_pref("CT1460988.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gelöscht : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gelöscht : user_pref("extensions.enabledAddons", "HBLite@HBLite.com:11.0.0.0,welcome@toolmin.com:1.03,{AA994882[...] Gelöscht : user_pref("extensions.SGT-SAT.hpr", "\"hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn[...] Gelöscht : user_pref("icqtoolbar.allowSendURL", false); Gelöscht : user_pref("icqtoolbar.engineVerified", false); Gelöscht : user_pref("icqtoolbar.firstTbRun", false); Gelöscht : user_pref("icqtoolbar.geolastmodified", 1366123596); Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_def[...] Gelöscht : user_pref("icqtoolbar.icqgeo", 49); Gelöscht : user_pref("icqtoolbar.installTime", "1366123596"); Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0); Gelöscht : user_pref("icqtoolbar.skip_default_search", "no"); Gelöscht : user_pref("icqtoolbar.suggestions", false); Gelöscht : user_pref("icqtoolbar.uniqueID", "136596889513659688951366123596885"); Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1366123624); Gelöscht : user_pref("icqtoolbar.version", "1.5.3"); Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false); Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de"); Gelöscht : user_pref("id_chatzum.guid", "%7BA567E752-99E3-6BCE-3D77-80F2C40B67B4%7D"); Gelöscht : user_pref("id_chatzum.hiddenvisual", 0); Gelöscht : user_pref("id_chatzum.searchengine", "Claro%20Search"); Gelöscht : user_pref("id_chatzum.variables.SVar1", "%13"); Gelöscht : user_pref("id_chatzum.variables.SVar10", "%13"); Gelöscht : user_pref("id_chatzum.variables.SVar2", "%13"); Gelöscht : user_pref("id_chatzum.variables.SVar3", "%13"); Gelöscht : user_pref("id_chatzum.variables.SVar4", "%13"); Gelöscht : user_pref("id_chatzum.variables.SVar5", "%13"); Gelöscht : 
user_pref("id_chatzum.variables.SVar6", "%13"); Gelöscht : user_pref("id_chatzum.variables.SVar7", "%13"); Gelöscht : user_pref("id_chatzum.variables.SVar8", "%13"); Gelöscht : user_pref("id_chatzum.variables.SVar9", "%13"); Gelöscht : user_pref("id_chatzum.variables.Var1", "0"); Gelöscht : user_pref("id_chatzum.variables.Var10", "0"); Gelöscht : user_pref("id_chatzum.variables.Var2", "0"); Gelöscht : user_pref("id_chatzum.variables.Var3", "0"); Gelöscht : user_pref("id_chatzum.variables.Var4", "0"); Gelöscht : user_pref("id_chatzum.variables.Var5", "0"); Gelöscht : user_pref("id_chatzum.variables.Var6", "0"); Gelöscht : user_pref("id_chatzum.variables.Var7", "0"); Gelöscht : user_pref("id_chatzum.variables.Var8", "0"); Gelöscht : user_pref("id_chatzum.variables.Var9", "0"); Gelöscht : user_pref("id_chatzum_installed_version", "1.0.19"); -\\ Google Chrome v27.0.1453.94 Datei : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v [Version kann nicht ermittelt werden] Datei : C:\Users\Nils\AppData\Roaming\Opera\Opera\operaprefs.ini Gelöscht : Home URL=hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=10&cc= ************************* AdwCleaner[S1].txt - [33156 octets] - [23/05/2013 23:02:17] ########## EOF - C:\AdwCleaner[S1].txt - [33217 octets] ########## |
23.05.2013, 22:36 | #26 |
| How do I remove facebook.vbs? And last but not least, the Otl.txt. Here I tried several times to follow it the way you had said. Under "ExtraRegistry", every time the Quick Scan was started the selection jumped from "UseSafeList" to "Off", and at the same time LOP and the other option on the right were selected. I don't know whether that is related, but in any case only one log file was produced: Code:
ATTFilter OTL logfile created on: 23.05.2013 23:14:50 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Nils\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 49,24% Memory free 8,19 Gb Paging File | 4,88 Gb Available in Paging File | 59,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,39 Gb Total Space | 230,98 Gb Free Space | 50,72% Space Free | Partition Type: NTFS Drive D: | 456,12 Gb Total Space | 451,24 Gb Free Space | 98,93% Space Free | Partition Type: NTFS Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.) PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.) PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.) PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe () PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Origin\tufao.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll () MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll () MOD - C:\Program Files 
(x86)\Logitech\Vid HD\QtCore4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll () MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL) SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (BitDefender S.R.L.) SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L) SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.) 
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\bin32\nSvcAppFlt.exe () SRV:64bit: - (nSvcIp) -- C:\Program Files\bin32\nSvcIp.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (XCOMM) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.) SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.) SRV - (0138341369343265mcinstcleanup) -- C:\Windows\Temp\0138341369343265mcinst.exe (McAfee, Inc.) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) 
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys File not found DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software) DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\DRIVERS\aswNdis.sys (ALWIL Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- 
C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender SRL) DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7} IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D4945464D3126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&k=1 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}: "URL" = 
hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}: "URL" = hxxp://home.cloyim.com/search.php?q={searchTerms} IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms} IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{F2B2F805-CADA-44F4-AD50-988DC1288017}: "URL" = 
hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.23 23:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]

[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions
[2013.05.23 23:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions
[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)
[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi
[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.12 00:50:44 | 000,002,515 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\ask-search.xml
[2010.08.11 15:21:04 | 000,000,791 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\bing.xml
[2013.04.10 22:05:31 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-10.xml
[2013.04.16 16:46:13 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-11.xml
[2011.11.24 23:00:56 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-4.xml
[2012.11.20 19:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-5.xml
[2012.12.16 02:50:24 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-6.xml
[2013.02.08 21:10:50 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-7.xml
[2013.04.08 19:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-8.xml
[2013.04.09 21:44:33 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.src
[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml
[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml
[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml
[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS
[2013.05.23 23:12:01 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{AA994882-F391-4D2E-806F-8908DA4814ED}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\WELCOME@TOOLMIN.COM
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_0\
CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2013.05.19 13:21:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setresolution] C:\ACER\config\1680x1050.cmd File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe File not found
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook Update] C:\Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook.vbs] C:\Users\Nils\AppData\Local\Temp\Facebook.vbs ()
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.22 21:29:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 21:18:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 20:50:21 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 07:04:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.20 09:43:11 | 001,398,856 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.20 09:33:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.19 12:55:23 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.17 23:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 23:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 23:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 23:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 23:00:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein
[2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.03.18 23:29:01 | 000,958,464 | ---- | C] (Valve Corporation) -- C:\Program Files\Steam.exe
[2010.03.18 23:28:39 | 000,245,760 | ---- | C] (Valve LLC) -- C:\Program Files\WriteMiniDump.exe
[2010.03.18 23:28:37 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll

========== Files - Modified Within 30 Days ==========

[2013.05.23 23:20:14 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2013.05.23 23:08:49 | 000,000,973 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.23 23:06:32 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 23:04:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013.05.23 23:04:58 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.23 23:04:26 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.23 23:04:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 23:04:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 23:04:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 22:52:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.23 22:49:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 22:45:05 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2013.05.23 21:54:07 | 000,002,041 | ---- | M] () -- C:\Users\Nils\Desktop\Google Chrome.lnk
[2013.05.23 20:27:32 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.23 19:52:31 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.23 11:27:31 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.22 20:49:47 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 20:40:49 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.05.22 07:35:35 | 000,000,512 | ---- | M] () -- C:\Users\Nils\Desktop\MBR.dat
[2013.05.22 06:58:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.21 22:20:21 | 001,567,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.21 22:20:21 | 000,674,722 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.21 22:20:21 | 000,634,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.21 22:20:21 | 000,145,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.21 22:20:21 | 000,119,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.21 20:21:21 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk
[2013.05.20 09:42:45 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.19 13:21:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.18 10:09:31 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.16 10:39:01 | 000,397,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk
[2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg

========== Files Created - No Company Name ==========

[2013.05.22 07:35:35 | 000,000,512 | ---- | C] () -- C:\Users\Nils\Desktop\MBR.dat
[2013.05.17 23:13:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.17 23:13:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.17 23:13:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.17 23:13:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.17 23:13:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.13 23:40:33 | 000,000,973 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.07 07:42:25 | 000,006,796 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
[2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel
[2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat
[2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011.08.08 
23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg [2010.03.18 23:29:02 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE [2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll ========== LOP Check ========== [2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console [2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari [2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk [2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender [2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited [2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA [2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite [2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online [2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox [2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft [2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts [2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi [2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames [2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla [2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- 
C:\Users\Nils\AppData\Roaming\Free Download Manager [2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0 [2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download [2013.05.23 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ [2012.04.29 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Itu [2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett [2012.02.24 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kock [2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech [2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient [2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX [2012.02.09 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba [2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World [2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS [2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera [2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin [2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers [2012.03.15 08:00:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Qaylyz [2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software [2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony [2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian [2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client [2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox [2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- 
C:\Users\Nils\AppData\Roaming\TuneUp Software [2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft [2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue [2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT [2012.05.11 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Xaurduo [2010.08.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Bitdefender [2010.12.12 02:06:06 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Nils-PC\AppData\Roaming\Bitdefender ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Nils\Documents\The Louvre Museum - Paris - France.mp4:TOC.WMV @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
23.05.2013, 22:54 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove facebook.vbs? Fix with OTL
Code:
:OTL
SRV - (0138341369343265mcinstcleanup) -- C:\Windows\Temp\0138341369343265mcinst.exe (McAfee, Inc.)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D4945464D3126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}: "URL" = http://home.cloyim.com/search.php?q={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{F2B2F805-CADA-44F4-AD50-988DC1288017}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
[2012.12.12 00:50:44 | 000,002,515 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\ask-search.xml
[2010.08.11 15:21:04 | 000,000,791 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\bing.xml
[2013.04.10 22:05:31 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-10.xml
[2013.04.16 16:46:13 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-11.xml
[2011.11.24 23:00:56 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-4.xml
[2012.11.20 19:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-5.xml
[2012.12.16 02:50:24 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-6.xml
[2013.02.08 21:10:50 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-7.xml
[2013.04.08 19:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-8.xml
[2013.04.09 21:44:33 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.src
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\WELCOME@TOOLMIN.COM
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
O2 - BHO: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O3 - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O4:64bit: - HKLM..\Run: [Setresolution] C:\ACER\config\1680x1050.cmd File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook Update] C:\Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook.vbs] C:\Users\Nils\AppData\Local\Temp\Facebook.vbs ()
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk = File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
[2013.05.22 07:35:35 | 000,000,512 | ---- | M] () -- C:\Users\Nils\Desktop\MBR.dat
[2013.05.13 23:40:33 | 000,000,973 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.07 07:42:25 | 000,006,796 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
[2012.03.15 08:00:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Qaylyz
[2012.05.11 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Xaurduo
[2012.04.29 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Itu
[2012.02.24 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kock
@Alternate Data Stream - 64 bytes -> C:\Users\Nils\Documents\The Louvre Museum - Paris - France.mp4:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:Files
C:\Program Files (x86)\AskPartnerNetwork
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
24.05.2013, 14:37 | #28 |
| How do I remove facebook.vbs? Code:
ATTFilter All processes killed ========== OTL ========== Error: No service named 0138341369343265mcinstcleanup was found to stop! Service\Driver key 0138341369343265mcinstcleanup not found. C:\Windows\Temp\0138341369343265mcinst.exe moved successfully. Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}\ not found. Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}\ not found. Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}\ not found. Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}\ not found. 
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}\ not found. Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}\ not found. Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found. Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F2B2F805-CADA-44F4-AD50-988DC1288017}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2B2F805-CADA-44F4-AD50-988DC1288017}\ not found. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\ask-search.xml moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\bing.xml moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-10.xml moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-11.xml moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-4.xml moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-5.xml moved successfully. 
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-6.xml moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-7.xml moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-8.xml moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-9.xml moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.gif moved successfully. C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.src moved successfully. File C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5347542D-5341-5400-76A7-7A786E7484D7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5347542D-5341-5400-76A7-7A786E7484D7}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5347542D-5341-5400-76A7-7A786E7484D7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5347542D-5341-5400-76A7-7A786E7484D7}\ not found. Registry value HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5347542D-5341-5400-76A7-7A786E7484D7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5347542D-5341-5400-76A7-7A786E7484D7}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setresolution deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. 
Registry value HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully. C:\Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook.vbs deleted successfully. File move failed. C:\Users\Nils\AppData\Local\Temp\Facebook.vbs scheduled to be moved on reboot. Registry value HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger (Yahoo!) deleted successfully. C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs moved successfully. C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File not found. C:\Users\Nils\Desktop\MBR.dat moved successfully. File C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk not found. File C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs not found. C:\Users\Nils\AppData\Roaming\Qaylyz folder moved successfully. C:\Users\Nils\AppData\Roaming\Xaurduo folder moved successfully. C:\Users\Nils\AppData\Roaming\Itu folder moved successfully. C:\Users\Nils\AppData\Roaming\kock folder moved successfully. ADS C:\Users\Nils\Documents\The Louvre Museum - Paris - France.mp4:TOC.WMV deleted successfully. ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully. ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully. ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully. ADS C:\ProgramData\TEMP:C95B63DA deleted successfully. ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully. ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully. 
========== FILES ========== C:\Program Files (x86)\AskPartnerNetwork\Toolbar folder moved successfully. C:\Program Files (x86)\AskPartnerNetwork folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. c:\Users\Nils\Downloads\cmd.bat deleted successfully. c:\Users\Nils\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData ->Temp folder emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 57616 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Nils ->Temp folder emptied: 37502234 bytes ->Temporary Internet Files folder emptied: 3970652 bytes ->Java cache emptied: 7137410 bytes ->FireFox cache emptied: 69719096 bytes ->Google Chrome cache emptied: 383510248 bytes ->Flash cache emptied: 17354001 bytes User: Public ->Temp folder emptied: 0 bytes User: TEMP ->Temp folder emptied: 0 bytes User: TEMP.Nils-PC ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1319288 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3441220 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 500,00 mb File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 05242013_092111 Files\Folders moved on Reboot... C:\Users\Nils\AppData\Local\Temp\Facebook.vbs moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
24.05.2013, 14:41 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove facebook.vbs? A check with OTL, please:
__________________ Please always post log files in CODE tags |
24.05.2013, 15:12 | #30 |
| How do I remove facebook.vbs? Just for your information, it was the same as with the last OTL scan. I selected everything the way you wrote; when I click RunScan, the selection jumps from UseSafeList to OFF and into the LOP check and Purity check fields. Code:
ATTFilter OTL logfile created on: 24.05.2013 15:56:54 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Nils\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 39,38% Memory free 8,19 Gb Paging File | 4,41 Gb Available in Paging File | 53,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,39 Gb Total Space | 233,76 Gb Free Space | 51,33% Space Free | Partition Type: NTFS Drive D: | 456,12 Gb Total Space | 451,16 Gb Free Space | 98,91% Space Free | Partition Type: NTFS Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools) PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.) 
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\bin32\nSvcIp.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (XCOMM) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV:64bit: - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\DRIVERS\aswNdis.sys (ALWIL Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender SRL)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.24 07:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]

[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions
[2013.05.23 23:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions
[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)
[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi
[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml
[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml
[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml
[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS
[2013.05.24 07:34:47 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{AA994882-F391-4D2E-806F-8908DA4814ED}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\WELCOME@TOOLMIN.COM
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2013.05.24 09:25:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe File not found
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook.vbs] "C:\Users\Nils\AppData\Local\Temp\Facebook.vbs" File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) 
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll () O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.01.20 
14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.24 09:21:11 | 000,000,000 | ---D | C] -- C:\_OTL [2013.05.22 21:29:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.22 21:18:07 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.22 20:50:21 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe [2013.05.22 07:04:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe [2013.05.20 09:43:11 | 001,398,856 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe [2013.05.20 09:33:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.19 12:55:23 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe [2013.05.17 23:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.17 23:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.17 23:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.17 23:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.17 23:00:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein [2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.03.18 23:29:01 | 000,958,464 | ---- | C] (Valve Corporation) -- C:\Program Files\Steam.exe [2010.03.18 23:28:39 | 
000,245,760 | ---- | C] (Valve LLC) -- C:\Program Files\WriteMiniDump.exe [2010.03.18 23:28:37 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll ========== Files - Modified Within 30 Days ========== [2013.05.24 16:01:53 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin [2013.05.24 15:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job [2013.05.24 15:49:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.24 15:26:54 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 15:26:54 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 15:16:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.24 15:16:09 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job [2013.05.24 15:16:09 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job [2013.05.24 15:16:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.24 09:33:16 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.24 09:33:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2013.05.24 09:33:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.05.24 09:31:12 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI [2013.05.24 09:25:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.23 21:54:07 | 000,002,041 | ---- | M] () -- C:\Users\Nils\Desktop\Google Chrome.lnk [2013.05.23 19:52:31 | 000,001,064 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job [2013.05.22 20:49:47 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe [2013.05.22 20:40:49 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat [2013.05.22 06:58:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe [2013.05.21 22:20:21 | 001,567,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.21 22:20:21 | 000,674,722 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.21 22:20:21 | 000,634,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.21 22:20:21 | 000,145,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.21 22:20:21 | 000,119,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.21 20:21:21 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk [2013.05.20 09:42:45 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe [2013.05.18 10:09:31 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe [2013.05.16 10:39:01 | 000,397,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk [2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk [2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg [2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg ========== Files Created - No Company Name ========== [2013.05.17 23:13:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.17 23:13:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.17 23:13:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.17 23:13:06 | 000,080,412 | 
---- | C] () -- C:\Windows\grep.exe [2013.05.17 23:13:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.07 07:42:25 | 000,006,796 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs [2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg [2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg [2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat [2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel [2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat [2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat [2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini [2011.08.08 23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg [2010.03.18 23:29:02 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE [2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== 
ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll ========== LOP Check ========== [2008.09.17 20:52:57 | 000,000,000 | ---D | 
M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console [2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari [2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk [2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender [2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited [2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA [2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite [2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online [2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox [2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft [2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts [2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi [2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames [2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla [2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Free Download Manager [2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0 [2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download [2013.05.24 09:35:04 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ [2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett [2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech [2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient [2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX [2012.02.09 
22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba [2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World [2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS [2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera [2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin [2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers [2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software [2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony [2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian [2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client [2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox [2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software [2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft [2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue [2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT ========== Purity Check ========== < End of report > |