Malware of all kinds and how to fight it: Desktop stays white or black after startup! Windows 7 |
21.05.2013, 18:18 | #1 |
| Hello everyone! I'm brand new here and have been close to losing my mind since yesterday. I think I've caught a nasty trojan and am asking for help. So far I've always been pretty much spared, but I no longer know how to get this under control. I've already read through a few threads about this here on the board, and I think I've been hit by something similar to the police trojan, but with a few differences from other users. I'll try to describe the situation as precisely as possible: Yesterday at about this time I was browsing the web and suddenly noticed that a small window had opened, and my desktop first turned black, then white. For a short time nothing responded. I somehow managed to open Task Manager and looked for a program that might be causing this, but found nothing conspicuous. OK, then I restarted the computer. The login screen for the user comes up, I enter the password... then the computer loads briefly and you see the desktop as normal with its icons for a few seconds; after that the icons disappear, then the background, and then everything is white again. Everything is still there, but it's somehow like a white wall that no longer lets me use my data and so on. I also don't get any message about copyright etc., just white, but the problem is similar, I think, right? I also left the computer running for about an hour to see whether my desktop might reappear after all. But you only see the white background and the mouse cursor, which looks like it is constantly loading something. In case it matters: I'm using Windows Vista 64-bit on the infected PC. Luckily, thank God, I still have a clean notebook for tackling the problem.
I should also add that I'm no computer pro, but with your tips, which are explained really clearly, I could manage it too! Since everyone has a slightly different problem, I didn't want to experiment blindly and cause even more damage. Please, please help... I would be very, very grateful! Regards |
21.05.2013, 18:22 | #2 |
/// TB-Ausbilder | My name is Matthias and I will help you clean up your computer. Please note the following:
I am working on your thread and will get back to you with further instructions as soon as possible. |
21.05.2013, 18:24 | #3 |
/// TB-Ausbilder | Hi,
Following this guide, start your computer in Safe Mode with Networking, Safe Mode, and Safe Mode with Command Prompt, and tell me whether any of these modes works. |
21.05.2013, 18:40 | #4 |
| Hello Matthias! Thank you very much for your time and the quick reply. Only Safe Mode with Command Prompt works. With normal Safe Mode or Safe Mode with Networking, the computer restarts automatically. |
21.05.2013, 18:41 | #5 |
/// TB-Ausbilder | Hi, that's pretty much what I expected. We will now run OTL in Safe Mode with Command Prompt. For this you need the second computer and a USB stick. On a second computer, please download OTL (by Oldtimer) and save it to a USB stick (not in a subfolder!).
|
21.05.2013, 18:59 | #6 |
| Thanks, the scan is already running! But what's the best way to post these log files for you so that it stays clear for you? Surely not just copying them? Sorry, I'd rather ask first :-/ |
22.05.2013, 08:05 | #7 |
| Good morning! I've made the log; I hope it doesn't give you a heart attack... all of this means absolutely nothing to me. OTL log:
ATTFilter OTL logfile created on: 21.05.2013 19:57:23 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = e:\ 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 11,07 Gb Available Physical Memory | 92,36% Memory free 23,91 Gb Paging File | 23,34 Gb Available in Paging File | 97,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1397,26 Gb Total Space | 360,79 Gb Free Space | 25,82% Space Free | Partition Type: NTFS Drive D: | 4,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 14,96 Gb Total Space | 14,95 Gb Free Space | 99,96% Space Free | Partition Type: FAT32 Computer Name: BERNHARD-PC | User Name: 26041984 | Logged in as Administrator. 
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.21 17:41:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc) SRV:64bit: - [2012.06.11 19:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.05.29 16:29:52 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2008.05.24 02:58:53 | 001,040,552 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device) SRV:64bit: - [2008.05.24 02:58:45 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2013.05.15 20:30:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.01.19 13:13:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.13 13:02:36 | 001,431,888 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.12.26 20:11:04 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.03 22:21:23 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.05.29 16:29:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.05.29 16:29:52 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.05.24 02:58:45 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2008.05.24 02:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device) SRV - [2007.04.13 17:49:00 | 000,101,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2007.02.08 16:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys -- (SANDRA) DRV:64bit: - [2013.02.24 17:38:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.01.11 21:03:26 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.06.11 18:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2011.01.08 14:33:42 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07) DRV:64bit: - [2010.11.26 14:52:28 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Treiber\vmm.sys -- (vmm) DRV:64bit: - [2010.11.06 15:29:05 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2010.11.06 15:29:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.08.25 16:41:36 | 000,323,176 | ---- | M] 
(Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2008.06.17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys -- (vcd10bus) DRV:64bit: - [2008.02.05 02:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VMNetSrv.sys -- (VPCNetS2) DRV:64bit: - [2006.11.01 09:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus) DRV - [2012.02.09 13:16:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2004.03.09 12:18:09 | 000,065,504 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.03.09 11:45:49 | 000,077,184 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06) DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1) ========== Standard Registry (SafeList) ========== 
========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.appsarefun.info/ IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.appsarefun.info/?l=1&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss&mntrId=08A2002618060F9A IE - 
HKU\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss&mntrId=08A2002618060F9A IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.appsarefun.info/?l=1&q={searchTerms} IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-559995923-1645723752-4187859042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local IE - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.232.208.116:8080 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://search.appsarefun.info/?l=1&q=" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_bad2g&mntrId=08A2002618060F9A" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.01 17:06:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 10:16:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\ FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.01 17:06:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 10:16:57 | 000,000,000 | ---D | M] [2013.02.07 14:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\26041984\AppData\Roaming\mozilla\Extensions [2013.02.09 17:31:10 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\26041984\AppData\Roaming\mozilla\Firefox\Profiles\raip0dwt.default\extensions [2012.10.05 12:37:20 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\26041984\AppData\Roaming\mozilla\Firefox\Profiles\raip0dwt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.01.09 13:42:57 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Users\26041984\AppData\Roaming\mozilla\Firefox\Profiles\raip0dwt.default\extensions\508d07926ab7a@508d07926abb4.com [2013.02.09 17:31:10 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\26041984\AppData\Roaming\mozilla\Firefox\Profiles\raip0dwt.default\extensions\helperbar@helperbar.com [2013.05.18 09:33:08 | 000,006,534 | ---- | M] () -- C:\Users\26041984\AppData\Roaming\mozilla\firefox\profiles\raip0dwt.default\searchplugins\babylon.xml [2013.01.11 21:04:03 | 000,002,432 | ---- | M] () -- C:\Users\26041984\AppData\Roaming\mozilla\firefox\profiles\raip0dwt.default\searchplugins\babylon1.xml [2013.05.18 09:33:08 | 000,006,534 | ---- | M] () -- C:\Users\26041984\AppData\Roaming\mozilla\firefox\profiles\raip0dwt.default\searchplugins\BrowserProtect.xml [2013.02.07 15:17:45 | 000,001,300 | ---- | M] () -- C:\Users\26041984\AppData\Roaming\mozilla\firefox\profiles\raip0dwt.default\searchplugins\claro.xml [2013.02.07 14:51:15 | 000,001,294 | ---- | M] () -- C:\Users\26041984\AppData\Roaming\mozilla\firefox\profiles\raip0dwt.default\searchplugins\delta.xml [2013.02.07 14:55:08 | 000,000,620 | ---- | M] () -- C:\Users\26041984\AppData\Roaming\mozilla\firefox\profiles\raip0dwt.default\searchplugins\WebSearch.xml [2013.02.07 14:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 13:13:46 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\mozilla firefox\extensions\{d060ed6d-48cb-0545-bc2c-3eaa1786e35f} [2013.01.19 13:13:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla 
firefox\components\browsercomps.dll [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2013.02.07 14:55:08 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.07 14:51:09 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013.02.07 14:55:08 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.07 14:55:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.07 14:55:08 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.17 20:47:45 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2013.01.22 17:54:01 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.07 14:55:08 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_bad2g&mntrId=08A2002618060F9A CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome 
Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: 
Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - Extension: QuickShare Widget = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\ CHR - Extension: Google Docs = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Download and Sa = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdcmjepiapeccnjgghnkinnghnamfoi\7.1_0\ CHR - Extension: Google Mail = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (QuickShare WidgetEngine) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll 
(Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (QuickShare WidgetEngine) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3:64bit: - HKLM\..\Toolbar: (QuickShare Widget) - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (QuickShare Widget) - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3:64bit: - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {98474E4F-5229-4CAC-9E28-6D52D992268D} hxxp://kpscddemo.ar-live.de/afc-frontend/main/Setup_AFC_ONLINE_2_7_0_3_STANDARD.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-35B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.153.32.129 213.153.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{584CE6E1-70AE-4C58-A3F4-BE1F299D3089}: DhcpNameServer = 213.153.32.129 213.153.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-559995923-1645723752-4187859042-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-559995923-1645723752-4187859042-1000 Winlogon: Shell - (C:\Users\26041984\AppData\Roaming\skype.dat) - C:\Users\26041984\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Users\26041984\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\26041984\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O27:64bit: - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\discspeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\firefox.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\infotool.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ltu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerorescueagent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photosnap.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photosnapviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pojytc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\recode.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\showtime.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\soundtrax.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\discspeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\firefox.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ltu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerorescueagent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photosnap.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photosnapviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pojytc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\soundtrax.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.21 22:00:00 | 000,000,122 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.04.07 18:16:22 | 000,000,101 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{b422589e-592a-11df-ab20-002618060f9a}\Shell\AutoRun\command - "" = G:\PMB_P.exe
O33 - MountPoints2\{e065c248-ad88-11de-99d1-002618060f9a}\Shell - "" = AutoRun
O33 - MountPoints2\{e065c248-ad88-11de-99d1-002618060f9a}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-559995923-1645723752-4187859042-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.21 19:11:55 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.20 22:32:32 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.05.20 10:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spectrasonics
[2013.05.20 10:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2013.05.20 10:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\vstplugins
[2013.05.17 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Desktop\Drum n Bass Set
[2013.05.17 17:44:13 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.17 17:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.17 17:44:04 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Roaming\BabSolution
[2013.05.17 17:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.05.17 17:43:57 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Roaming\Delta
[2013.05.16 20:13:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 20:13:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 20:13:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 20:13:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 20:13:02 | 000,173,056 | ---- | C] (Microsoft Corporation) --
C:\Windows\SysNative\ieUnatt.exe [2013.05.16 20:13:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.16 20:13:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.16 20:13:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.16 20:13:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.16 20:13:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.16 20:13:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.16 20:13:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.16 20:13:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.16 20:13:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.16 20:13:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.15 15:44:59 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.12 18:21:56 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Local\Origin [2013.05.12 18:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.05.12 17:25:30 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Desktop\Dom Rebel Ebay [2013.05.11 18:56:16 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Desktop\Bilder [2013.05.11 15:16:36 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Desktop\N95 Fotos [2013.05.10 22:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign [2013.05.10 22:36:09 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinPlug Instruments [2013.05.10 22:36:09 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LinPlug Instruments [2013.05.10 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 [2013.05.10 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2 [2013.05.10 20:26:10 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Image-Line [2013.05.10 20:25:54 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm [2013.05.10 20:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim [2013.05.06 14:47:26 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Desktop\Schriften [2013.05.05 22:00:00 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Desktop\Gimp Flyer [2013.05.03 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2013.05.03 20:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2013.04.24 08:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lx_cats [2013.04.24 08:28:12 | 000,000,000 | ---D | C] -- C:\logs [2013.04.24 08:27:18 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lxdug.dll [2013.04.24 08:25:42 | 000,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxducfg64.dll [2013.04.24 08:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint [2013.04.24 08:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar [2013.04.24 08:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web [2013.04.24 08:25:20 | 000,493,056 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\LXDUwupd.dll [2013.04.24 08:25:20 | 000,019,112 | ---- | C] (Lexmark International, Inc.) 
-- C:\Windows\SysNative\LXDUwupd.exe [2013.04.24 08:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series [2013.04.24 08:24:55 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lxdugf.dll [2013.04.24 08:24:55 | 000,524,288 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduutil.dll [2013.04.24 08:24:55 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduinsb.dll [2013.04.24 08:24:55 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduins.dll [2013.04.24 08:24:55 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdujswr.dll [2013.04.24 08:24:55 | 000,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxdulnks.dll [2013.04.24 08:24:55 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduinsr.dll [2013.04.24 08:24:55 | 000,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxducub.dll [2013.04.24 08:24:55 | 000,081,920 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxducu.dll [2013.04.24 08:24:55 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxducur.dll [2013.04.24 08:24:54 | 000,077,906 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXDUcfg.dll [2013.04.24 08:24:43 | 000,743,936 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxduutil.dll [2013.04.24 08:24:42 | 000,235,520 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxduins.dll [2013.04.24 08:24:42 | 000,183,296 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxduinsb.dll [2013.04.24 08:24:42 | 000,133,120 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdujswr.dll [2013.04.24 08:24:42 | 000,097,280 | ---- | C] (Lexmark International, Inc.) 
-- C:\Windows\SysNative\lxduinsr.dll [2013.04.24 08:24:41 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lxdugf.dll [2013.04.24 08:24:41 | 000,104,448 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxducu.dll [2013.04.24 08:24:41 | 000,073,216 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxducub.dll [2013.04.24 08:24:41 | 000,023,552 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxducur.dll [2013.04.24 08:24:40 | 000,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\LXDUcfg.dll [2013.04.24 08:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 5600-6600 Series [2013.04.24 08:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 5600-6600 Series [2011.03.23 20:03:06 | 113,554,016 | ---- | C] (Kaspersky Lab) -- C:\Users\26041984\AppData\Roaming\kis11.0.2.556en.exe [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.21 20:00:10 | 001,721,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.21 20:00:10 | 000,735,946 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.21 20:00:10 | 000,677,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.21 20:00:10 | 000,170,202 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.21 20:00:10 | 000,139,866 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.21 19:54:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.21 19:50:05 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 19:50:05 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 19:40:16 | 000,000,418 | -H-- | M] () -- 
C:\Windows\tasks\OptimizerPro1UpdaterTask{CE460A30-D7D3-478B-BB03-DDDADF18B3E8}.job [2013.05.21 19:18:08 | 000,000,732 | ---- | M] () -- C:\Users\26041984\AppData\Local\d3d9caps64.dat [2013.05.21 18:23:46 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.21 18:23:22 | 000,000,004 | ---- | M] () -- C:\Users\26041984\AppData\Roaming\skype.ini [2013.05.20 19:33:52 | 000,002,032 | ---- | M] () -- C:\Users\26041984\AppData\Local\d3d9caps.dat [2013.05.20 18:32:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.20 17:29:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.20 10:16:57 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.05.19 11:13:21 | 000,065,536 | ---- | M] () -- C:\Users\26041984\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.18 10:46:42 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.18 10:46:42 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.18 10:46:34 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.17 07:18:39 | 005,229,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 20:30:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 20:30:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.12 18:19:37 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.05.10 20:26:13 | 000,000,994 | ---- | M] () -- C:\Users\26041984\Documents\Desktop\FL Studio 10.lnk [2013.05.09 17:05:18 | 000,020,194 | ---- | M] () -- C:\Users\26041984\Documents\Desktop\Hotel Tour.odt [2013.05.07 21:15:21 | 000,016,170 | ---- | M] () -- C:\Users\26041984\.recently-used.xbel [2013.04.24 08:28:16 | 000,107,840 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf [2 C:\Windows\SysWow64\*.tmp files 
-> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.20 17:51:28 | 000,000,004 | ---- | C] () -- C:\Users\26041984\AppData\Roaming\skype.ini [2013.05.12 18:19:37 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.05.10 20:26:13 | 000,000,994 | ---- | C] () -- C:\Users\26041984\Documents\Desktop\FL Studio 10.lnk [2013.05.07 21:15:21 | 000,016,170 | ---- | C] () -- C:\Users\26041984\.recently-used.xbel [2013.05.06 14:57:36 | 000,020,194 | ---- | C] () -- C:\Users\26041984\Documents\Desktop\Hotel Tour.odt [2013.04.24 08:27:18 | 000,065,632 | ---- | C] () -- C:\Windows\SysNative\lxduprpr.chm [2013.04.24 08:27:17 | 000,617,984 | ---- | C] () -- C:\Windows\SysNative\lxducoin.dll [2013.04.24 08:26:35 | 000,109,056 | ---- | C] () -- C:\Windows\SysNative\lxduvs.dll [2013.04.24 08:25:42 | 001,416,192 | ---- | C] () -- C:\Windows\SysNative\lxdudrs64.dll [2013.04.24 08:25:42 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll [2013.04.24 08:25:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll [2013.04.24 08:25:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll [2013.04.24 08:25:42 | 000,054,784 | ---- | C] () -- C:\Windows\SysNative\lxducnv464.dll [2013.04.24 08:25:42 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\lxducaps64.dll [2013.04.24 08:25:24 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\lxdurwrd.ini [2013.04.24 08:24:56 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll [2013.04.24 08:24:56 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll [2013.04.24 08:24:55 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll [2013.04.24 08:24:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll [2013.04.24 08:24:55 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll [2013.04.24 08:24:55 | 000,364,544 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxduinpa.dll [2013.04.24 08:24:55 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll [2013.04.24 08:24:54 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll [2013.04.24 08:24:54 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll [2013.04.24 08:24:54 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe [2013.04.24 08:24:54 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll [2013.04.24 08:24:54 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll [2013.04.24 08:24:54 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe [2013.04.24 08:24:54 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe [2013.04.24 08:24:54 | 000,001,867 | ---- | C] () -- C:\Windows\SysWow64\lxdu.loc [2013.04.24 08:24:43 | 000,680,960 | ---- | C] ( ) -- C:\Windows\SysNative\LXDUhcp.dll [2013.04.24 08:24:43 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\LXDUinst.dll [2013.04.24 08:24:43 | 000,548,864 | ---- | C] ( ) -- C:\Windows\SysNative\lxduinpa.dll [2013.04.24 08:24:43 | 000,513,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxduiesc.dll [2013.04.24 08:24:43 | 000,107,840 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf [2013.04.24 08:24:42 | 001,660,928 | ---- | C] ( ) -- C:\Windows\SysNative\lxduserv.dll [2013.04.24 08:24:42 | 001,337,344 | ---- | C] ( ) -- C:\Windows\SysNative\lxduusb1.dll [2013.04.24 08:24:42 | 000,982,016 | ---- | C] ( ) -- C:\Windows\SysNative\lxdupmui.dll [2013.04.24 08:24:42 | 000,896,000 | ---- | C] ( ) -- C:\Windows\SysNative\lxdulmpm.dll [2013.04.24 08:24:42 | 000,525,480 | ---- | C] ( ) -- C:\Windows\SysNative\lxduih.exe [2013.04.24 08:24:41 | 001,291,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxducomc.dll [2013.04.24 08:24:41 | 001,090,560 | ---- | C] ( ) -- C:\Windows\SysNative\lxduhbn3.dll [2013.04.24 08:24:41 | 001,040,552 | ---- | C] ( ) -- C:\Windows\SysNative\lxducoms.exe [2013.04.24 08:24:41 | 000,581,632 | ---- | C] ( ) 
-- C:\Windows\SysNative\lxducomm.dll [2013.04.24 08:24:41 | 000,300,032 | ---- | C] () -- C:\Windows\SysNative\lxdugrd.dll [2013.04.24 08:24:40 | 000,614,056 | ---- | C] ( ) -- C:\Windows\SysNative\lxducfg.exe [2013.04.24 08:24:40 | 000,001,867 | ---- | C] () -- C:\Windows\SysNative\lxdu.loc [2013.01.09 23:15:17 | 000,000,000 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.08.31 16:48:02 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.05.22 16:10:01 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\OptCVw7.dll [2012.05.22 16:10:01 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\OptCVm6.dll [2012.05.22 16:10:01 | 000,114,749 | ---- | C] () -- C:\Windows\SysWow64\cxts001.dll [2012.05.22 16:10:01 | 000,057,400 | ---- | C] () -- C:\Windows\SysWow64\trs.dll [2012.05.22 16:10:00 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\OptCVa6.dll [2012.05.22 16:09:57 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\BS_Register.exe [2012.03.26 14:40:06 | 000,017,408 | ---- | C] () -- C:\Users\26041984\AppData\Local\WebpageIcons.db [2012.02.12 19:57:10 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2012.01.20 15:57:35 | 011,481,088 | ---- | C] () -- C:\Users\26041984\AppData\Roaming\Sandra.mdb [2012.01.16 21:58:12 | 000,000,552 | ---- | C] () -- C:\Users\26041984\AppData\Local\d3d8caps.dat [2012.01.11 19:30:30 | 000,098,304 | ---- | C] () -- C:\Users\26041984\AppData\Roaming\skype.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.10.25 13:10:32 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.25 13:10:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.21 11:20:04 | 000,000,084 | ---- | C] () -- C:\Windows\wininit.ini [2011.07.13 23:37:07 | 000,002,844 | ---- | C] () -- C:\Users\26041984\AppData\Roaming\8E16.F0C [2011.06.06 10:33:26 | 000,000,000 | ---- | C] 
() -- C:\Users\26041984\AppData\Local\pojytc.exe [2011.06.06 08:08:45 | 000,012,196 | -HS- | C] () -- C:\Users\26041984\AppData\Local\w750dc15gj4lahb7v3a [2011.06.06 08:08:45 | 000,012,196 | -HS- | C] () -- C:\ProgramData\w750dc15gj4lahb7v3a [2011.06.06 08:08:44 | 000,000,000 | -HS- | C] () -- C:\Users\26041984\AppData\Local\hoj.exe [2011.06.05 20:32:58 | 000,000,051 | ---- | C] () -- C:\Users\26041984\AppData\Local\Tempzx58.bat [2011.06.05 20:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\sshnas21.dll [2011.03.25 23:09:58 | 000,000,000 | ---- | C] () -- C:\Users\26041984\AppData\Roaming\GD1.exe [2010.08.01 00:16:34 | 000,000,048 | ---- | C] () -- C:\Users\26041984\.gtk-bookmarks [2010.07.13 19:25:38 | 000,002,032 | ---- | C] () -- C:\Users\26041984\AppData\Local\d3d9caps.dat [2010.07.13 14:18:23 | 000,000,000 | ---- | C] () -- C:\Users\26041984\AppData\Roaming\chrtmp [2010.01.25 15:23:32 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.01.25 15:23:32 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E3DE922DB1.sys [2009.09.20 16:59:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.09.06 19:53:48 | 000,065,536 | ---- | C] () -- C:\Users\26041984\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.03 20:12:33 | 000,000,096 | ---- | C] () -- C:\Users\26041984\AppData\Local\fusioncache.dat [2009.08.31 20:35:03 | 000,001,024 | ---- | C] () -- C:\Users\26041984\.rnd [2009.08.31 15:34:54 | 000,000,732 | ---- | C] () -- C:\Users\26041984\AppData\Local\d3d9caps64.dat [2006.06.12 14:09:08 | 000,000,751 | -H-- | C] () -- C:\Users\26041984\AppData\Roaming\logs.dat ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 481 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

Extra Log:
Code:
OTL Extras logfile created on: 21.05.2013 19:57:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = e:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 11,07 Gb Available Physical Memory | 92,36% Memory free
23,91 Gb Paging File | 23,34 Gb Available in Paging File | 97,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,26 Gb Total Space | 360,79 Gb Free Space | 25,82% Space Free | Partition Type: NTFS
Drive D: | 4,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 14,96 Gb Total Space | 14,95 Gb Free Space | 99,96% Space Free | Partition Type: FAT32

Computer Name: BERNHARD-PC | User Name: 26041984 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Weltbild\Weltbild Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Weltbild Fotoservice] -- "C:\Program Files (x86)\Weltbild\Weltbild Fotoservice\Weltbild Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Weltbild\Weltbild Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Weltbild Fotoservice] -- "C:\Program Files (x86)\Weltbild\Weltbild Fotoservice\Weltbild Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 83 81 A0 C6 C3 5E CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A9C5BE-5526-465F-B746-FEA072FE9E8B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{01FAEA64-6053-43AD-A608-AC577A478E9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0551118D-B902-4C20-8ECD-7EBF645875B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{06B3EF0A-DC0F-47A0-8DE3-BC5FC3419766}" = lport=445 | protocol=6 | dir=in | app=system | "{1051AF82-8A9A-429C-A36B-1F5DA2252F41}" = rport=138 | protocol=17 | dir=out | app=system | "{1178AFDE-D800-4A9F-84C6-4C9811DD6DBC}" = lport=53 | protocol=17 | dir=in | name=promo | "{2C8AFB52-C2E9-4288-922F-3C82306ED479}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{40D1F63C-35E5-4F4F-9C8A-7B174427C54F}" = lport=137 | protocol=17 | dir=in | app=system | "{45C1D114-4E88-4B44-9701-191B8B6EF01C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4F766484-83FE-4433-AF30-F96E51B042EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5DC94742-D6EC-4071-897B-0A9A8B9D439F}" = rport=139 | protocol=6 | dir=out | app=system | "{63BFC7C7-764F-4F42-9772-939F135E38A5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6BEE04EE-70EA-47FE-A89D-2C8D6443DC5E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6C2C8CE7-0E3A-4FA9-A865-DB0CFE7078E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6CBEFBA6-4FC2-4B29-B935-5F82487A745C}" = rport=137 | protocol=17 | dir=out | app=system | "{709AAE6C-5339-40A7-9E19-407BCB457E7E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\rpcagentsrv.exe | "{761330B4-9CB9-4C02-9376-24A4AE93D815}" = rport=445 | protocol=6 | dir=out | app=system | "{9A53B3EA-316E-4FBE-A04F-70EE0E1C4E86}" = lport=2869 | protocol=6 | dir=in | app=system | "{A6D7ED6F-0C87-458C-B48E-70167F683739}" = 
rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B8D7A857-6C1A-43E2-978E-D918F80D9698}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BE59C4E7-552C-4EDC-929B-741BFACCFD46}" = lport=80 | protocol=6 | dir=in | name=promo | "{C85CC53D-F35F-405B-879B-7A1B1B72ABED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CC9341D5-6979-488B-97F5-0C001F701193}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E47A3AB5-4958-438C-AC4B-33DA3160B22F}" = lport=139 | protocol=6 | dir=in | app=system | "{E589779A-F632-4C4D-9286-2744AAC8E9F7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\wnt500x64\rpcsandrasrv.exe | "{F60C2ECB-2A04-4118-969A-300BF35F1AC3}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008ECBA6-C7AE-4A9E-8249-8F4DA14CAC0C}" = protocol=17 | dir=in | app=c:\program files (x86)\dead space 3\deadspace3.exe | "{019A8EE2-9CBC-4560-9CC2-DC43ABF95A14}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{021AA6EE-8408-4050-BFA8-0CC991EBAE99}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{042CC3DC-E0DF-45CA-99C0-ABBA5747F838}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{09BA465F-164D-424C-9BA3-060E946A1DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{0B2A81FB-4B4B-4C14-928A-39F71421274F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{0D4BD6C6-A775-43F6-B7F0-41A6A427201D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0DDA0919-A8E9-4E13-B046-AAB0DAFAC2CA}" = 
protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{101B9FD1-4317-4CEB-B094-ECF7FA205178}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1422D702-352D-46A0-9F8E-ADC6378C3B59}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1AA440A2-98E1-44C8-95A6-842E98BC7DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{1C3FCBDD-9F3A-4760-9991-F3B4BEE96B57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{1CE7E68C-576D-4CC4-8C5E-3B6107372A88}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1EB8D8AC-0570-4AD3-9482-72EA3B98FBC4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{1EEB4C03-BAF7-45BC-B473-DB464F661B41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1F2C7BD9-80EE-4BE9-8695-2796FD231E20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{20B15E53-6920-482A-9B85-20F9DE406985}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | "{20E98FB9-601B-4D15-AAAB-4152A9C800A9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{2A592AF7-B88C-4A2B-84AE-0A00586186FC}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{2E47FF5C-903D-49E6-9E51-7EC3FC45EAA6}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | "{339FE3FA-78E6-47A2-9020-85C658CA656A}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxducoms.exe | "{38AD968B-B921-40D4-8185-F005862E75F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{39F60736-6B39-474A-A60E-C910700CE482}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{44DF6EDC-D15F-4FF0-ABF8-0049F297B2C2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{44E2E59C-38DB-4DD7-B2B7-62493048C2F3}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{4F23E7FF-921C-48A5-9165-95F093B85296}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5387534E-67A4-4DE2-A537-8C801F70ED01}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{572AA8C1-F502-4FF2-924D-3DBCDCED3FDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{58AFCBFB-96CF-4FF1-887C-FE7E767AC8B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{626C5046-C326-4B28-A58A-D2261D85372D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{65EFC742-0D2E-45C7-853E-5CE0C647CBFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{67A5BA5F-943E-44E3-A119-A74DDACA5095}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | "{67EC4B95-4CD0-4C67-94C9-2FA22DCA209C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{68839C87-C61D-4F52-8941-7A6580E18DC5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{696D5330-FA39-4CAD-BDE8-32CCB2C0EF33}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{6C013D79-093B-4574-B0DE-2E152C37C7AD}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\singularity(tm)\binaries\singularity.exe | "{6D96F7BF-A932-4ACE-8D74-B7AE01649143}" = protocol=58 | dir=in | 
name=@firewallapi.dll,-28545 | "{6E489681-0B13-4DC5-9028-DA9D1E97C0E8}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{72D53D15-4935-4F07-B065-FCB53274EB37}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{7871A8D0-953F-4D7F-8BCA-29CB0385E0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{7C71A42A-1C29-4466-8462-CB1752AAB749}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{7E766D89-8843-4D6B-82D5-8B3015698772}" = protocol=6 | dir=in | app=c:\program files (x86)\dead space 3\deadspace3.exe | "{86A79F65-126B-4465-9A83-851E09368737}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{88CD9395-FA1B-4388-A5BF-D722C97A0EC5}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | "{8BB8DC36-6529-4D67-9688-8E4A37D5C8C3}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{8F44F797-F100-4E20-8D97-A28D1F6FC379}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{96B7AD79-DD92-430F-AFFF-95261EEA540C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9C4332EA-8B1E-4E8A-A13F-909265CBB32B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9D8E05F5-C3B0-4554-837C-A6D4B19DD7D7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{9F114C4E-94E8-45B8-8B98-1F1BBF953C85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9FF2976B-8E69-43AE-8266-F7E0384BCD2C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{A06E951B-2536-468A-8D5A-1AF03F43A27A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{A11FF59D-F5D7-419E-8776-9E0C930C5B16}" = protocol=17 | dir=in | 
app=c:\program files (x86)\activision\singularity(tm)\binaries\singularity.exe | "{A5CBA5F8-FE11-4322-AAF6-0E5860B46700}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{AA043BE1-746E-43FF-B758-E656FED02A6D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{AD9BB1C2-C15E-4AE2-AC60-C37084F1E73E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{AF165D08-B71E-48C8-A31F-CE72BB253130}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{B1CC4E03-BDFF-4DFD-891F-A456DD2571F0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{C2BC71E6-4BD3-4CC2-8151-815F2670CA4D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{C5B4707B-F05F-4816-B6B1-0BD55B16EAC0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{C5D9726F-F796-48BE-AF11-D47DB8FC5BCF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{CB31C134-72FC-4A91-B4CD-28FF919AA1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{CD042E78-B7DB-4C4C-92EF-C60E00FE7C78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{CE599814-AB56-4C17-A4C5-54ED14CA7818}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{D2935BF9-D212-4D9B-AB21-0C0F508DF116}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{D70E6D0E-0402-4A06-9DB4-1E5BCCEAD66A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D711673A-612E-4538-93BE-B90CF5DFEA25}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{D74CCD72-719F-4DBA-9521-CA73EA5AF1EF}" = 
protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{DA398515-9E0A-4029-AF4E-7E0C25D17774}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{DB1B2C29-8415-47C2-A70E-89A6B98069B9}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | "{E054EF7F-BB06-4B1D-ABC0-0C74D11FC07C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{E3316986-76FA-4D5D-BD09-F47379478326}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{E35C34E9-8A41-46B3-8054-B4A31DB6B83D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{E74A46A5-A0D2-4833-B081-8A1C3F66C2D1}" = dir=in | app=c:\program files (x86)\namco bandai games\darksouls\darksouls.exe | "{EBBD98BC-C53C-4F44-833D-AAEDF5D443B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EC576EED-4926-4069-93E1-98CFE9992C85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{ED1EF53F-A855-4526-8D51-F9AB8F3BA4B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{F5CDBB41-9938-4BAC-9D58-4E3C40C18933}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F7AF2413-E934-4372-9870-51661A2E8A3B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe | "{FACE2314-90B4-487D-BA49-330697C201C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FB322ACE-0E0F-4FF1-A600-74B827BF4291}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "TCP Query User{0387AEE8-2225-4BAF-97C0-A14FDC9CB237}C:\users\26041984\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\26041984\appdata\local\akamai\netsession_win.exe | "TCP Query 
User{0D2DDE5C-5B65-4D6E-A788-2F6C97CB0303}C:\program files (x86)\thechineseroom\dear esther\dearesther.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thechineseroom\dear esther\dearesther.exe | | "TCP Query User{23467979-402A-4E2D-A71D-EA5D0F48E4F2}C:\program files (x86)\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty black ops\blackops.exe | "TCP Query User{7558BB42-5AA8-43ED-9881-6DFD3F5B9208}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{76711AD7-95BB-4DA8-ADD4-768ECFB9548F}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{7F0C6C3D-394C-4E77-83B7-A382D1A8B370}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{817FA09A-4B52-414F-9739-FD299E2758B6}C:\users\26041984\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\26041984\appdata\local\akamai\netsession_win.exe | "TCP Query User{8C75697C-0114-4BDF-95E4-420281AE6EC4}C:\program files (x86)\steam\steamapps\aeanchopper\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aeanchopper\counter-strike source\hl2.exe | "TCP Query User{A22C906E-0EF5-4A8F-A8B6-D9524F0DE80B}C:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe | "TCP Query User{CCEF3904-E555-4C35-A520-41DE6B47B841}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{D028FDB8-B31C-4918-BAE6-058BA01ACC04}C:\program files (x86)\electronic 
arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | | "UDP Query User{2C8B79A0-F4D9-4224-8DE0-61F58155EC76}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{32C9134A-B4FE-4037-97DA-7BEF3C294049}C:\users\26041984\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\26041984\appdata\local\akamai\netsession_win.exe | "UDP Query User{46A0AC15-7457-4818-A8A4-5F99C2932A97}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{5AD51E01-CF47-4B43-97D0-2B42A76E6D4F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{8924415C-7ADC-4F49-979C-5B4000695A78}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{8B44C48D-E1A9-4B08-AC1D-BF43038A1773}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | "UDP Query User{90D25349-5747-4611-8F51-F0231C6F2AD7}C:\program files (x86)\steam\steamapps\aeanchopper\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aeanchopper\counter-strike source\hl2.exe | "UDP Query User{C7E7ED98-2114-4D8C-8C84-824376F6A449}C:\program files (x86)\thechineseroom\dear esther\dearesther.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thechineseroom\dear esther\dearesther.exe | "UDP Query User{CFACFB4A-DCDF-4144-9489-C61D30D586D9}C:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe | "UDP Query User{D8A6D0A8-0D8D-451D-BC66-D3BD9B582FC1}C:\program files (x86)\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty black ops\blackops.exe | "UDP Query User{E30D40EE-4DB6-4B21-98B2-AB82F78D52E4}C:\users\26041984\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\26041984\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6EBA183A-EFD3-4FF4-BC00-9A9B97EA7A10}" = MAGIX Speed burnR (MSI) "{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DDC742CC-2382-4E49-8B59-A6EC368F94D4}" = PC Connectivity Solution 64-bit components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Lexmark 
5600-6600 Series" = Lexmark 5600-6600 Series "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "OptimizerPro1" = OptimizerPro1 "Unlocker" = Unlocker 1.9.1-x64 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198573D8-60B3-4BBA-9B35-A8D2AFA8B5C0}" = MAGIX Music Maker 17 Premium (Sound package) "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All "{23D41E39-79E7-4029-81CD-F23E6F3B9364}" = MAGIX Music Maker MX Premium "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{364687E1-D0CC-4B91-B310-6C5ED28C1031}" = Nero 8 "{36B5C759-4243-48A4-A0C9-CAB0263DFF4C}" = MAGIX Screenshare "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3D8D8094-9789-402E-BD28-337343F1DE6F}" = Samplitude Music Studio 17 Download-Version "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R) "{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R) "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6 "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish "{47F6627C-61DD-4191-91C3-2E4077EE7B1F}" = MAGIX Music Maker 17 Premium Download Version "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark 
Souls Prepare to Die Edition "{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish 
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-07-28 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.5 - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter 
"{B352D3F6-352B-4031-9C79-2C7A26062BBC}" = MAGIX Music Maker 17 Premium (Synthesizer and effects) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game "{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF103EDA-7937-4966-8EFB-5EF5C38301F2}" = simplitec simplicheck "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E4C27ADB-3345-4299-82F8-9250DFF47156}" = MAGIX Music Maker 17 Premium (Demo songs) "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger 
"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English "{EEE692AE-E71E-4EA2-BF29-BF70811A6476}" = MAGIX Music Maker MX Premium Update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1D49A81-DFD1-4580-B7B3-B5990F64C0EC}" = QuickShare "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F4884EA7-CF31-4E87-B840-CFE161BD81D3}" = MAGIX Music Maker 17 Premium (Instrument package 3) "{F8BD7716-7362-4553-9890-378322F2C0CC}" = DENON DJ ASIO Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ASIO4ALL" = ASIO4ALL "AVS Audio Converter_is1" = AVS Audio Converter 7 "AVS Audio Editor_is1" = AVS Audio Editor 7.1 "AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0 "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor_is1" = AVS Video Editor 6 "AVS Video Recorder_is1" = AVS Video Recorder 2.5 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "Battlelog Web Plugins" = Battlelog Web Plugins "Black Mirror 2_is1" = Black Mirror 2 
"Black Mirror III_is1" = Black Mirror III "Black Mirror_is1" = Black Mirror 1.0de "Call of Duty Black Ops_is1" = Call of Duty Black Ops "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "CANONIJPLM100" = PIXMA Extended Survey Program "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Crysis Wars(R)" = Crysis Wars(R) "Dear Esther_is1" = Dear Esther "delta" = Delta toolbar "DPP" = Canon Utilities Digital Photo Professional 3.8 "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "EOS Utility" = Canon Utilities EOS Utility "ESN Sonar-0.70.4" = ESN Sonar "FL Studio 10" = FL Studio 10 "Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.19.1015 "Free Studio_is1" = Free Studio version 5.0.9 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430 "Game Booster_is1" = Game Booster 3 "GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "IL Download Manager" = IL Download Manager "InstallShield_{362C6A81-4C88-4B26-8C79-B2EE0076F65F}" = Wolfenstein(TM) 1.11 Patch "InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM) "Linplug Albino v2.1" = Linplug Albino v2.1 "Mafia II_is1" = Mafia II "MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version "MAGIX_{6EBA183A-EFD3-4FF4-BC00-9A9B97EA7A10}" = MAGIX Speed burnR (MSI) "MAGIX_MSI_mm17dlx" = MAGIX Music Maker 17 Premium Download Version "MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium "MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17 Download-Version "Microsoft .NET Framework 
1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.47b "Mster" = Crysis Modification - Mster Config v3.01 "OpenAL" = OpenAL "Origin" = Origin "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PunkBusterSvc" = PunkBuster Services "Raptr" = Raptr "reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0 "Rockstar Games Social Club" = Rockstar Games Social Club "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "Steam App 72850" = The Elder Scrolls V: Skyrim "TuneUp Utilities 2012" = TuneUp Utilities 2012 "TuneUpMedia" = TuneUp 2.4.6.4 "Uninstall_is1" = Uninstall 1.0.0.1 "Uplay" = Uplay "VLC media player" = VLC media player 1.1.9 "Weltbild Fotoservice" = Weltbild Fotoservice "WFTK" = Canon Utilities WFT Utility "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.05.2013 11:23:34 | Computer Name = Bernhard-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul mshtml.dll, Version 9.0.8112.16484, Zeitstempel 0x5186b207, Ausnahmecode 0xc00002b4, Fehleroffset 0x00414f38, Prozess-ID 0x844, Anwendungsstartzeit 01ce56370b523527. 
Error - 21.05.2013 11:23:38 | Computer Name = Bernhard-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 11:23:57 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe". Fehler in Manifest- oder Richtliniendatei "C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" in Zeile 0. Ungültige XML-Syntax. Error - 21.05.2013 11:23:57 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe". Fehler in Manifest- oder Richtliniendatei "C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" in Zeile 0. Ungültige XML-Syntax. Error - 21.05.2013 11:30:12 | Computer Name = Bernhard-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 11:50:54 | Computer Name = Bernhard-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 12:23:23 | Computer Name = Bernhard-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul mshtml.dll, Version 9.0.8112.16484, Zeitstempel 0x5186b207, Ausnahmecode 0xc00002b4, Fehleroffset 0x00414f38, Prozess-ID 0xb50, Anwendungsstartzeit 01ce563f715a39d8. 
Error - 21.05.2013 12:28:06 | Computer Name = Bernhard-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2013 13:41:23 | Computer Name = Bernhard-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2013 13:55:08 | Computer Name = Bernhard-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2013 13:55:09 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

THANKS!!! |
22.05.2013, 14:47 | #8 | |
/// TB-Ausbilder | Desktop stays white or black after startup! Hi, Quote:
The following fix should unlock your computer again. Important: your computer is still not clean after that! There is still quite a bit to do. Note: if you obscured your real user name by replacing it with "26041984", you must replace those digits with the correct user name again, otherwise the fix will not work! First create the fix script on a second computer:
|
22.05.2013, 15:25 | #9 |
| Desktop stays white or black after startup! Great!!! It worked and the computer boots normally again. Here is the otl.log file. Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-559995923-1645723752-4187859042-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\26041984\AppData\Roaming\skype.dat deleted successfully.
C:\Users\26041984\AppData\Roaming\skype.dat moved successfully.
C:\Users\26041984\AppData\Roaming\skype.ini moved successfully.
C:\ProgramData\ism_0_llatsni.pad moved successfully.
C:\Users\26041984\AppData\Roaming\8E16.F0C moved successfully.
C:\Users\26041984\AppData\Local\pojytc.exe moved successfully.
C:\Users\26041984\AppData\Local\w750dc15gj4lahb7v3a moved successfully.
C:\ProgramData\w750dc15gj4lahb7v3a moved successfully.
C:\Users\26041984\AppData\Local\hoj.exe moved successfully.
C:\Users\26041984\AppData\Local\Tempzx58.bat moved successfully.
C:\Windows\SysWOW64\sshnas21.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 26041984
->Temp folder emptied: 39056420 bytes
->Temporary Internet Files folder emptied: 2888929660 bytes
->Java cache emptied: 49506297 bytes
->FireFox cache emptied: 234682966 bytes
->Google Chrome cache emptied: 152211960 bytes
->Apple Safari cache emptied: 176284672 bytes
->Flash cache emptied: 215569 bytes

User: All Users

User: AppData

User: Bernhard
->Temp folder emptied: 106283769 bytes
->Temporary Internet Files folder emptied: 47577783 bytes
->Java cache emptied: 13439682 bytes
->Flash cache emptied: 6109 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7777743194 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 909796 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.956,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05222013_160743

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|
22.05.2013, 15:30 | #10 |
/// TB-Ausbilder | Desktop stays white or black after startup! Hi, well done! Now carry out the following steps in normal mode: Step 1 Scan with Combofix
Please run AdwCleaner twice in a row exactly like this and post both of its log files! Step 2 Please download AdwCleaner to your desktop.
With your next reply, please post
|
22.05.2013, 16:28 | #11 |
| Desktop stays white or black after startup! Simply brilliant how everything works here. So, now to the log files: Combofix: Code:
ATTFilter ComboFix 13-05-22.01 - 26041984 22.05.2013 16:43:44.1.8 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.12277.10520 [GMT 2:00] ausgeführt von:: c:\users\26041984\Documents\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\AutocompletePro c:\program files (x86)\AutocompletePro\FireFoxExtension.exe c:\program files (x86)\AutocompletePro\InstTracker.exe c:\programdata\Download and Sa c:\programdata\Download and Sa\508d07926ad0a.ocx c:\programdata\Download and Sa\508d07926ad42.html c:\programdata\Download and Sa\508d07926ad7b.js c:\programdata\Download and Sa\data\508d07926ad7b.js c:\programdata\Download and Sa\data\jsondb.js c:\programdata\Download and Sa\obdcmjepiapeccnjgghnkinnghnamfoi.crx c:\programdata\Download and Sa\settings.ini c:\programdata\E3DE922DB1.sys C:\Recycle.Bin c:\users\26041984\AppData\Roaming\Adobe\plugs c:\users\26041984\AppData\Roaming\Adobe\plugs\mmc10.exe c:\users\26041984\AppData\Roaming\Adobe\plugs\mmc37.exe c:\users\26041984\AppData\Roaming\Adobe\plugs\mmc77.exe c:\users\26041984\AppData\Roaming\Adobe\shed c:\users\26041984\AppData\Roaming\Adobe\shed\thr1.chm c:\windows\SysWow64\frapsvid.dll c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-22 bis 2013-05-22 )))))))))))))))))))))))))))))) . . 2013-05-22 14:56 . 2013-05-22 14:59 -------- d-----w- c:\users\26041984\AppData\Local\temp 2013-05-21 17:11 . 2013-05-21 17:11 -------- d-----w- C:\FRST 2013-05-20 20:32 . 2013-05-20 20:50 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2013-05-20 08:20 . 2013-05-20 08:20 -------- d-----w- c:\program files\Spectrasonics 2013-05-20 08:20 . 
2013-05-20 08:24 -------- d-----w- c:\program files (x86)\Spectrasonics 2013-05-20 08:09 . 2013-05-20 08:09 -------- d-----w- c:\program files\vstplugins 2013-05-17 15:44 . 2013-05-17 15:44 -------- d-----w- c:\programdata\BrowserProtect 2013-05-17 15:44 . 2013-05-17 15:44 -------- d-----w- c:\users\26041984\AppData\Roaming\BabSolution 2013-05-17 15:43 . 2013-05-17 15:43 -------- d-----w- c:\program files (x86)\Delta 2013-05-17 15:43 . 2013-05-17 15:43 -------- d-----w- c:\users\26041984\AppData\Roaming\Delta 2013-05-16 18:12 . 2013-04-05 01:03 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-05-16 18:12 . 2013-04-05 01:19 10926080 ----a-w- c:\windows\system32\ieframe.dll 2013-05-16 17:59 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-16 17:59 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-16 17:59 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-15 13:45 . 2013-04-09 01:55 2774016 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 13:44 . 2013-04-15 14:17 901496 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 13:44 . 2013-04-13 03:34 47104 ----a-w- c:\windows\system32\cdd.dll 2013-05-12 16:21 . 2013-05-12 16:22 -------- d-----w- c:\users\26041984\AppData\Local\Origin 2013-05-10 20:54 . 2013-05-10 20:54 -------- d-----w- c:\program files (x86)\Common Files\Digidesign 2013-05-10 18:26 . 2013-05-10 18:26 -------- d-----w- c:\program files (x86)\ASIO4ALL v2 2013-05-10 18:25 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm 2013-05-10 18:25 . 2013-05-10 18:25 -------- d-----w- c:\program files (x86)\Outsim 2013-05-08 01:12 . 2013-05-08 01:12 106088 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2013-05-08 01:12 . 2013-05-08 01:12 106088 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-05-03 18:52 . 2013-05-03 18:52 -------- d-----w- c:\program files\Unlocker 2013-04-24 06:28 . 
2013-05-15 13:37 -------- d-----w- c:\programdata\Lx_cats 2013-04-24 06:28 . 2013-04-24 06:28 -------- d-----w- C:\logs 2013-04-24 06:28 . 2008-05-24 00:17 147456 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxdudrpp.dll 2013-04-24 06:27 . 2007-10-10 10:27 1462272 ----a-w- c:\windows\system32\lxdug.dll 2013-04-24 06:27 . 2008-04-24 04:34 617984 ----a-w- c:\windows\system32\lxducoin.dll 2013-04-24 06:26 . 2008-05-24 00:17 109056 ----a-w- c:\windows\system32\lxduvs.dll 2013-04-24 06:25 . 2008-05-10 01:42 81920 ----a-w- c:\windows\SysWow64\lxducaps.dll 2013-04-24 06:25 . 2008-05-10 01:42 25600 ----a-w- c:\windows\system32\lxducaps64.dll 2013-04-24 06:25 . 2008-05-10 01:42 1416192 ----a-w- c:\windows\system32\lxdudrs64.dll 2013-04-24 06:25 . 2008-05-10 01:42 1036288 ----a-w- c:\windows\SysWow64\lxdudrs.dll 2013-04-24 06:25 . 2008-05-10 01:29 54784 ----a-w- c:\windows\system32\lxducnv464.dll 2013-04-24 06:25 . 2008-05-10 01:29 69632 ----a-w- c:\windows\SysWow64\lxducnv4.dll 2013-04-24 06:25 . 2008-05-10 01:29 65536 ----a-w- c:\windows\system32\lxducfg64.dll 2013-04-24 06:25 . 2013-04-24 06:25 -------- d-----w- c:\programdata\Ezprint 2013-04-24 06:25 . 2013-04-24 06:25 -------- d-----w- c:\program files (x86)\Lexmark Toolbar 2013-04-24 06:25 . 2013-04-24 06:25 -------- d-----w- c:\program files\Lexmark Printable Web 2013-04-24 06:25 . 2008-05-24 00:58 19112 ----a-w- c:\windows\system32\LXDUwupd.exe 2013-04-24 06:25 . 2008-04-15 23:09 493056 ----a-w- c:\windows\system32\LXDUwupd.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-18 08:46 . 2011-10-27 09:50 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-05-18 08:46 . 2011-10-25 11:10 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-05-18 08:46 . 2011-10-25 11:10 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-05-16 18:09 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe 2013-05-15 18:30 . 
2012-04-08 13:32 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 18:30 . 2011-05-17 06:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 16:28 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-03-11 13:33 . 2013-04-10 06:48 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-09 04:16 . 2013-04-10 06:48 85504 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-09 01:48 . 2013-04-10 06:48 75264 ----a-w- c:\windows\system32\smss.exe 2013-03-08 04:18 . 2013-04-10 06:48 451072 ----a-w- c:\windows\system32\winsrv.dll 2013-03-08 04:17 . 2013-04-10 06:48 2425344 ----a-w- c:\windows\system32\mstscax.dll 2013-03-08 03:52 . 2013-04-10 06:48 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-03-03 19:13 . 2013-04-10 06:48 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-02-24 15:38 . 2013-02-24 15:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2009-11-08 08:55 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] 2013-05-16 12:44 295832 ----a-w- c:\program files (x86)\Delta\delta\1.8.21.0\bh\delta.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.0\deltaTlbr.dll" [2013-05-16 284568] . [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}] [HKEY_CLASSES_ROOT\delta.deltadskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\delta.deltadskBnd] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261249~1.132\{c16c1~1\browserprotect.dll "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\backitup.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\coverdes.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\discspeed.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\drivespeed.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\infotool.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\ltu.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\nero.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\neroburnrights.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\nerohome.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\neromediahome.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\nerorescueagent.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\neroscoutoptions.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\nerostartsmart.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\nerovision.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\photosnap.exe] "Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\photosnapviewer.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\pojytc.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\recode.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\setupx.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\showtime.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\skype.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\soundtrax.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\waveedit.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 17:32 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:30]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22 15:22]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22 15:22]
.
2013-05-22 c:\windows\Tasks\OptimizerPro1UpdaterTask{CE460A30-D7D3-478B-BB03-DDDADF18B3E8}.job - c:\programdata\Premium\OptimizerPro1\OptimizerPro1.exe [2012-10-28 14:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6430208]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://search.appsarefun.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 203.232.208.116:8080
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 213.153.32.129 213.153.32.1
DPF: {98474E4F-5229-4CAC-9E28-6D52D992268D} - hxxp://kpscddemo.ar-live.de/afc-frontend/main/Setup_AFC_ONLINE_2_7_0_3_STANDARD.cab
FF - ProfilePath - c:\users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.appsarefun.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_bad2g&mntrId=08A2002618060F9A
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 08a2608a000000000000002618060f9a
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15743
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.013:51
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 08a2608a000000000000002618060f9a
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15743
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.514:17
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
Toolbar-10 - (no file)
WebBrowser-{9EBE5796-5B84-4BFB-A1FB-914E68D02032} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-559995923-1645723752-4187859042-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-559995923-1645723752-4187859042-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-559995923-1645723752-4187859042-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:e7,f2,7e,de,39,54,26,da,62,e5,ff,3f,da,5a,0f,e8,78,be,b7,4f,7b,eb,ec,
3a,3e,08,d3,b5,14,24,10,9f,64,72,f8,a2,92,60,01,29,7a,ee,ce,44,33,ae,cd,76,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-559995923-1645723752-4187859042-1000\Software\SecuROM\License information*] "datasecu"=hex:53,fb,fc,e8,fc,5b,a5,2b,16,54,69,33,b0,b0,44,af,a1,66,6d,6c,99, cd,6a,9d,24,5a,14,c8,61,e4,9f,a9,3c,92,ea,a7,90,ab,13,c9,d9,58,f1,c3,5a,75,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . 
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\schtasks.exe
c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-22 17:07:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-05-22 15:07
.
Vor Suchlauf: 14 Verzeichnis(se), 398.740.844.544 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 398.469.681.152 Bytes frei
.
- - End Of File - - 4DEBD74FA68BD876EF7D775A891D09E4

Log 1

Code:
# AdwCleaner v2.301 - Datei am 22/05/2013 um 17:12:21 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : 26041984 - BERNHARD-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\26041984\Documents\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\searchplugins\claro.xml
Datei Gelöscht : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\searchplugins\WebSearch.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Bandoo
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\Plasmoo
Gelöscht mit Neustart : C:\Program Files (x86)\Delta
Gelöscht mit Neustart : C:\ProgramData\~0
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Gelöscht mit Neustart : C:\ProgramData\InstallMate
Gelöscht mit Neustart : C:\ProgramData\Premium
Gelöscht mit Neustart : C:\Users\26041984\AppData\Local\Ad Optimizer (am) v2
Gelöscht mit Neustart : C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Gelöscht mit Neustart : C:\Users\26041984\AppData\Local\Ilivid Player
Gelöscht mit Neustart : C:\Users\26041984\AppData\Local\PackageAware
Gelöscht mit Neustart : C:\Users\26041984\AppData\Local\Smartbar
Gelöscht mit Neustart : C:\Users\26041984\AppData\Local\SwvUpdater
Gelöscht mit Neustart : C:\Users\26041984\AppData\LocalLow\Bandoo
Gelöscht mit Neustart : C:\Users\26041984\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\26041984\AppData\LocalLow\searchquband
Gelöscht mit Neustart : C:\Users\26041984\AppData\LocalLow\ShoppingReport2
Gelöscht mit Neustart : C:\Users\26041984\AppData\LocalLow\Smartbar
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\BabSolution
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\Bandoo
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\Delta
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\DesktopIconForAmazon
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\dvdvideosoftiehelpers
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\extensions\helperbar@helperbar.com
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\OCS
Gelöscht mit Neustart : C:\Users\26041984\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll
Daten Gelöscht : HKLM\..\Windows
[AppInit_DLLs] = c:\progra~3\browse~1\261249~1.132\{c16c1~1\browserprotect.dll Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ShoppingReport2 Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F1D49A81-DFD1-4580-B7B3-B5990F64C0EC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SmartbarBackup Schlüssel Gelöscht : HKCU\Software\SmartbarLog Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\5be8fdbb23ce410 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Bandoo Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2422857 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B} Schlüssel 
Gelöscht : HKLM\Software\SP Global Schlüssel Gelöscht : HKLM\Software\SProtector Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5be8fdbb23ce410 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : 
# AdwCleaner v2.301 - Datei am 22/05/2013 um 17:17:38 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : 26041984 - BERNHARD-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\26041984\Documents\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\searchplugins\Babylon.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Bandoo
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\Plasmoo
Gelöscht mit Neustart : C:\Program Files (x86)\Delta
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Gelöscht mit Neustart : C:\ProgramData\InstallMate
Gelöscht mit Neustart : C:\ProgramData\Premium

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\prefs.js
[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [35797 octets] - [22/05/2013 17:12:21]
AdwCleaner[S2].txt - [1789 octets] - [22/05/2013 17:17:38]

########## EOF - C:\AdwCleaner[S2].txt - [1849 octets] ##########
23.05.2013, 10:14 | #12 |
/// TB-Ausbilder | Desktop stays white or black after startup!

Hi, very well done. There are still a few leftovers on your computer. We will now track these down so that we can remove them afterwards:

Please run step 1 (AdwCleaner) in safe mode:

Step 1
Please download AdwCleaner to your desktop.

Then please run steps 2 and 3 in normal mode again:

Step 2
Please start OTL.exe. Under "Extra Registry", select "Use SafeList" and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread.

Step 3
Download SystemLook by jpshortstuff from the following mirror and save the tool to the desktop. SystemLook (64 bit)

Please post with your next reply
23.05.2013, 16:53 | #13 |
| Desktop stays white or black after startup! Hello ... new day, new luck ;-) AdwCleaner logfile: Code:
# AdwCleaner v2.301 - Datei am 23/05/2013 um 16:58:07 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : 26041984 - BERNHARD-PC
# Bootmodus : Abgesicherter Modus
# Ausgeführt unter : C:\Users\26041984\Documents\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\Bandoo
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\Plasmoo
Gelöscht mit Neustart : C:\Program Files (x86)\Delta
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Gelöscht mit Neustart : C:\ProgramData\InstallMate
Gelöscht mit Neustart : C:\ProgramData\Premium

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\26041984\AppData\Roaming\Mozilla\Firefox\Profiles\raip0dwt.default\prefs.js
[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.93
Datei : C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [35797 octets] - [22/05/2013 17:12:21]
AdwCleaner[S2].txt - [1918 octets] - [22/05/2013 17:17:38]
AdwCleaner[S3].txt - [1500 octets] - [23/05/2013 16:58:07]

########## EOF - C:\AdwCleaner[S3].txt - [1560 octets] ##########
Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 17:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 10:16:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 17:12:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 10:16:57 | 000,000,000 | ---D | M]
[2013.02.07 14:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\26041984\AppData\Roaming\mozilla\Extensions
[2013.05.22 17:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\26041984\AppData\Roaming\mozilla\Firefox\Profiles\raip0dwt.default\extensions
[2012.10.05 12:37:20 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\26041984\AppData\Roaming\mozilla\Firefox\Profiles\raip0dwt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.01.09 13:42:57 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Users\26041984\AppData\Roaming\mozilla\Firefox\Profiles\raip0dwt.default\extensions\508d07926ab7a@508d07926abb4.com
[2013.02.07 14:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 13:13:46 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\mozilla firefox\extensions\{d060ed6d-48cb-0545-bc2c-3eaa1786e35f}
[2013.01.19 13:13:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.02.07 14:55:08 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.07 14:55:08 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.07 14:55:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.07 14:55:08 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.22 17:54:01 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.07 14:55:08 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - Extension: Google Docs = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Download and Sa = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdcmjepiapeccnjgghnkinnghnamfoi\7.1_0\
CHR - Extension: Google Mail = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.05.22 16:59:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9EBE5796-5B84-4BFB-A1FB-914E68D02032} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {98474E4F-5229-4CAC-9E28-6D52D992268D} hxxp://kpscddemo.ar-live.de/afc-frontend/main/Setup_AFC_ONLINE_2_7_0_3_STANDARD.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-35B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.153.32.129 213.153.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{584CE6E1-70AE-4C58-A3F4-BE1F299D3089}: DhcpNameServer = 213.153.32.129 213.153.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\26041984\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\26041984\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\discspeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ltu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerorescueagent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photosnap.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photosnapviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pojytc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\soundtrax.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.21 22:00:00 | 000,000,122 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.04.07 18:16:22 | 000,000,101 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008.11.05 13:19:36 | 000,000,052 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009.03.03 11:15:40 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.23 17:04:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\26041984\Documents\Desktop\OTL.exe
[2013.05.23 08:32:31 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.05.22 17:07:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.22 17:07:23 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Local\temp
[2013.05.22 16:59:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.22 16:41:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 16:41:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 16:41:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 16:40:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 16:40:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.22 16:40:07 | 005,069,782 | R--- | C] (Swearware) -- C:\Users\26041984\Documents\Desktop\ComboFix.exe
[2013.05.20 10:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spectrasonics
[2013.05.20 10:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2013.05.20 10:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\vstplugins
[2013.05.17 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Desktop\Drum n Bass Set
[2013.05.17 17:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.17 17:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.05.16 20:13:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 20:13:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 20:13:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 20:13:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 20:13:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 20:13:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 20:13:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 20:13:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 20:13:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 20:13:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 20:13:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 20:13:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 20:13:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 20:13:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 20:13:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.15 15:44:59 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.12 18:21:56 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Local\Origin
[2013.05.12 18:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.10 22:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2013.05.10 22:36:09 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinPlug Instruments
[2013.05.10 22:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LinPlug Instruments
[2013.05.10 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2013.05.10 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2013.05.10 20:26:10 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Image-Line
[2013.05.10 20:25:54 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2013.05.10 20:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2013.05.06 14:47:26 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Schriften
[2013.05.05 22:00:00 | 000,000,000 | ---D | C] -- C:\Users\26041984\Documents\Desktop\Gimp Flyer
[2013.05.03 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\26041984\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013.05.03 20:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013.04.24 08:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2013.04.24 08:28:12 | 000,000,000 | ---D | C] -- C:\logs
[2013.04.24 08:27:18 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lxdug.dll
[2013.04.24 08:25:42 | 000,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxducfg64.dll
[2013.04.24 08:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2013.04.24 08:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2013.04.24 08:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2013.04.24 08:25:20 | 000,493,056 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\LXDUwupd.dll
[2013.04.24 08:25:20 | 000,019,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\LXDUwupd.exe
[2013.04.24 08:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series
[2013.04.24 08:24:55 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lxdugf.dll
[2013.04.24 08:24:55 | 000,524,288 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduutil.dll
[2013.04.24 08:24:55 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduinsb.dll
[2013.04.24 08:24:55 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduins.dll
[2013.04.24 08:24:55 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdujswr.dll
[2013.04.24 08:24:55 | 000,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxdulnks.dll
[2013.04.24 08:24:55 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxduinsr.dll
[2013.04.24 08:24:55 | 000,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxducub.dll
[2013.04.24 08:24:55 | 000,081,920 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxducu.dll
[2013.04.24 08:24:55 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxducur.dll
[2013.04.24 08:24:54 | 000,077,906 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXDUcfg.dll
[2013.04.24 08:24:43 | 000,743,936 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxduutil.dll
[2013.04.24 08:24:42 | 000,235,520 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxduins.dll
[2013.04.24 08:24:42 | 000,183,296 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxduinsb.dll
[2013.04.24 08:24:42 | 000,133,120 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdujswr.dll
[2013.04.24 08:24:42 | 000,097,280 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxduinsr.dll
[2013.04.24 08:24:41 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lxdugf.dll
[2013.04.24 08:24:41 | 000,104,448 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxducu.dll
[2013.04.24 08:24:41 | 000,073,216 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxducub.dll
[2013.04.24 08:24:41 | 000,023,552 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxducur.dll
[2013.04.24 08:24:40 | 000,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\LXDUcfg.dll
[2013.04.24 08:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 5600-6600 Series
[2013.04.24 08:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 5600-6600 Series
[2011.03.23 20:03:06 | 113,554,016 | ---- | C] (Kaspersky Lab) -- C:\Users\26041984\AppData\Roaming\kis11.0.2.556en.exe

========== Files - Modified Within 30 Days ==========

[2013.05.23 17:05:41 | 000,165,376 | ---- | M] () -- C:\Users\26041984\Documents\Desktop\SystemLook_x64.exe
[2013.05.23 17:00:57 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.23 17:00:52 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{CE460A30-D7D3-478B-BB03-DDDADF18B3E8}.job
[2013.05.23 17:00:38 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 17:00:38 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 17:00:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 16:58:19 | 000,002,811 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.23 16:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 16:29:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 09:37:36 | 001,721,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.23 09:37:36 | 000,737,648 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.23 09:37:36 | 000,678,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.23 09:37:36 | 000,170,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.23 09:37:36 | 000,140,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 20:30:13 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.22 20:30:13 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.22 20:29:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.22 16:59:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.22 16:47:56 | 000,632,031 | ---- | M] () -- C:\Users\26041984\Documents\Desktop\adwcleaner.exe
[2013.05.22 16:37:24 | 005,069,782 | R--- | M] (Swearware) -- C:\Users\26041984\Documents\Desktop\ComboFix.exe
[2013.05.21 19:18:08 | 000,000,732 | ---- | M] () -- C:\Users\26041984\AppData\Local\d3d9caps64.dat
[2013.05.21 17:41:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\26041984\Documents\Desktop\OTL.exe
[2013.05.20 19:33:52 | 000,002,032 | ---- | M] () -- C:\Users\26041984\AppData\Local\d3d9caps.dat
[2013.05.20 10:16:57 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.05.19 11:13:21 | 000,065,536 | ---- | M] () -- C:\Users\26041984\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.17 07:18:39 | 005,229,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 20:30:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 20:30:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.12 18:19:37 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.05.10 20:26:13 | 000,000,994 | ---- | M] () -- C:\Users\26041984\Documents\Desktop\FL Studio 10.lnk
[2013.05.07 21:15:21 | 000,016,170 | ---- | M] () -- C:\Users\26041984\.recently-used.xbel
[2013.04.24 08:28:16 | 000,107,840 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf

========== Files Created - No Company Name ==========

[2013.05.23 17:05:41 | 000,165,376 | ---- | C] () -- C:\Users\26041984\Documents\Desktop\SystemLook_x64.exe
[2013.05.22 17:12:28 | 000,002,811 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.22 17:11:50 | 000,632,031 | ---- | C] () -- C:\Users\26041984\Documents\Desktop\adwcleaner.exe
[2013.05.22 16:41:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 16:41:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 16:41:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 16:41:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 16:41:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.12 18:19:37 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.05.10 20:26:13 | 000,000,994 | ---- | C] () -- C:\Users\26041984\Documents\Desktop\FL Studio 10.lnk
[2013.05.07 21:15:21 | 000,016,170 | ---- | C] () -- C:\Users\26041984\.recently-used.xbel
[2013.04.24 08:27:18 | 000,065,632 | ---- | C] () -- C:\Windows\SysNative\lxduprpr.chm
[2013.04.24 08:27:17 | 000,617,984 | ---- | C] () -- C:\Windows\SysNative\lxducoin.dll
[2013.04.24 08:26:35 | 000,109,056 | ---- | C] () -- C:\Windows\SysNative\lxduvs.dll
[2013.04.24 08:25:42 | 001,416,192 | ---- | C] () -- C:\Windows\SysNative\lxdudrs64.dll
[2013.04.24 08:25:42 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2013.04.24 08:25:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2013.04.24 08:25:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2013.04.24 08:25:42 | 000,054,784 | ---- | C] () -- C:\Windows\SysNative\lxducnv464.dll
[2013.04.24 08:25:42 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\lxducaps64.dll
[2013.04.24 08:25:24 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\lxdurwrd.ini
[2013.04.24 08:24:56 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2013.04.24 08:24:56 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2013.04.24 08:24:55 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2013.04.24 08:24:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2013.04.24 08:24:55 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2013.04.24 08:24:55 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2013.04.24 08:24:55 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2013.04.24 08:24:54 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2013.04.24 08:24:54 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2013.04.24 08:24:54 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2013.04.24 08:24:54 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2013.04.24 08:24:54 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2013.04.24 08:24:54 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[2013.04.24 08:24:54 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2013.04.24 08:24:54 | 000,001,867 | ---- | C] () -- C:\Windows\SysWow64\lxdu.loc
[2013.04.24 08:24:43 | 000,680,960 | ---- | C] ( ) -- C:\Windows\SysNative\LXDUhcp.dll
[2013.04.24 08:24:43 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\LXDUinst.dll
[2013.04.24 08:24:43 | 000,548,864 | ---- | C] ( ) -- C:\Windows\SysNative\lxduinpa.dll
[2013.04.24 08:24:43 | 000,513,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxduiesc.dll
[2013.04.24 08:24:43 | 000,107,840 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2013.04.24 08:24:42 | 001,660,928 | ---- | C] ( ) -- C:\Windows\SysNative\lxduserv.dll
[2013.04.24 08:24:42 | 001,337,344 | ---- | C] ( ) -- C:\Windows\SysNative\lxduusb1.dll
[2013.04.24 08:24:42 | 000,982,016 | ---- | C] ( ) -- C:\Windows\SysNative\lxdupmui.dll
[2013.04.24 08:24:42 | 000,896,000 | ---- | C] ( ) -- C:\Windows\SysNative\lxdulmpm.dll
[2013.04.24 08:24:42 | 000,525,480 | ---- | C] ( ) -- C:\Windows\SysNative\lxduih.exe
[2013.04.24 08:24:41 | 001,291,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxducomc.dll
[2013.04.24 08:24:41 | 001,090,560 | ---- | C] ( ) -- C:\Windows\SysNative\lxduhbn3.dll
[2013.04.24 08:24:41 | 001,040,552 | ---- | C] ( ) -- C:\Windows\SysNative\lxducoms.exe
[2013.04.24 08:24:41 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysNative\lxducomm.dll
[2013.04.24 08:24:41 | 000,300,032 | ---- | C] () -- C:\Windows\SysNative\lxdugrd.dll
[2013.04.24 08:24:40 | 000,614,056 | ---- | C] ( ) -- C:\Windows\SysNative\lxducfg.exe
[2013.04.24 08:24:40 | 000,001,867 | ---- | C] () -- C:\Windows\SysNative\lxdu.loc
[2013.01.09 23:15:17 | 000,000,000 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.05.22 16:10:01 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\OptCVw7.dll
[2012.05.22 16:10:01 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\OptCVm6.dll
[2012.05.22 16:10:01 | 000,114,749 | ---- | C] () -- C:\Windows\SysWow64\cxts001.dll
[2012.05.22 16:10:01 | 000,057,400 | ---- | C] () -- C:\Windows\SysWow64\trs.dll
[2012.05.22 16:10:00 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\OptCVa6.dll
[2012.05.22 16:09:57 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\BS_Register.exe
[2012.03.26 14:40:06 | 000,017,408 | ---- | C] () -- C:\Users\26041984\AppData\Local\WebpageIcons.db
[2012.02.12 19:57:10 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2012.01.20 15:57:35 | 011,481,088 | ---- | C] () -- C:\Users\26041984\AppData\Roaming\Sandra.mdb
[2012.01.16 21:58:12 | 000,000,552 | ---- | C] () -- C:\Users\26041984\AppData\Local\d3d8caps.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.25 13:10:32 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.25 13:10:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.21 11:20:04 | 000,000,084 | ---- | C] () -- C:\Windows\wininit.ini
[2011.03.25 23:09:58 | 000,000,000 | ---- | C] () -- C:\Users\26041984\AppData\Roaming\GD1.exe
[2010.08.01 00:16:34 | 000,000,048 | ---- | C] () -- C:\Users\26041984\.gtk-bookmarks
[2010.07.13 19:25:38 | 000,002,032 | ---- | C] () -- C:\Users\26041984\AppData\Local\d3d9caps.dat
[2010.07.13 14:18:23 | 000,000,000 | ---- | C] () -- C:\Users\26041984\AppData\Roaming\chrtmp
[2010.01.25 15:23:32 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.20 16:59:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.06 19:53:48 | 000,065,536 | ---- | C] () -- C:\Users\26041984\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.03 20:12:33 | 000,000,096 | ---- | C] () -- C:\Users\26041984\AppData\Local\fusioncache.dat
[2009.08.31 20:35:03 | 000,001,024 | ---- | C] () -- C:\Users\26041984\.rnd
[2009.08.31 15:34:54 | 000,000,732 | ---- | C] () -- C:\Users\26041984\AppData\Local\d3d9caps64.dat
[2006.06.12 14:09:08 | 000,000,751 | -H-- | C] () -- C:\Users\26041984\AppData\Roaming\logs.dat

========== ZeroAccess Check ==========

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 481 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

OTL Extras logfile created on: 23.05.2013 17:05:14 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\26041984\Documents\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 10,24 Gb Available Physical Memory | 85,38% Memory free
23,91 Gb Paging File | 22,23 Gb Available in Paging File | 92,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,26 Gb Total Space | 371,40 Gb Free Space | 26,58% Space Free | Partition Type: NTFS
Drive D: | 4,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 14,96 Gb Total Space | 14,23 Gb Free Space | 95,11% Space Free | Partition Type: FAT32
Drive F: | 698,46 Gb Total Space | 400,17 Gb Free Space | 57,29% Space Free | Partition Type: FAT32

Computer Name: BERNHARD-PC | User Name: 26041984 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Weltbild\Weltbild Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Weltbild Fotoservice] -- "C:\Program Files (x86)\Weltbild\Weltbild Fotoservice\Weltbild Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Weltbild\Weltbild Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Weltbild Fotoservice] -- "C:\Program Files (x86)\Weltbild\Weltbild Fotoservice\Weltbild Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 83 81 A0 C6 C3 5E CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A9C5BE-5526-465F-B746-FEA072FE9E8B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{01FAEA64-6053-43AD-A608-AC577A478E9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0551118D-B902-4C20-8ECD-7EBF645875B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06B3EF0A-DC0F-47A0-8DE3-BC5FC3419766}" = lport=445 | protocol=6 | dir=in | app=system |
"{1051AF82-8A9A-429C-A36B-1F5DA2252F41}" = rport=138 | protocol=17 | dir=out | app=system |
"{1178AFDE-D800-4A9F-84C6-4C9811DD6DBC}" = lport=53 | protocol=17 | dir=in | name=promo |
"{2C8AFB52-C2E9-4288-922F-3C82306ED479}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{40D1F63C-35E5-4F4F-9C8A-7B174427C54F}" = lport=137 | protocol=17 | dir=in | app=system |
"{45C1D114-4E88-4B44-9701-191B8B6EF01C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4F766484-83FE-4433-AF30-F96E51B042EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DC94742-D6EC-4071-897B-0A9A8B9D439F}" = rport=139 | protocol=6 | dir=out | app=system |
"{63BFC7C7-764F-4F42-9772-939F135E38A5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6BEE04EE-70EA-47FE-A89D-2C8D6443DC5E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C2C8CE7-0E3A-4FA9-A865-DB0CFE7078E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6CBEFBA6-4FC2-4B29-B935-5F82487A745C}" = rport=137 | protocol=17 | dir=out | app=system |
"{709AAE6C-5339-40A7-9E19-407BCB457E7E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\rpcagentsrv.exe |
"{761330B4-9CB9-4C02-9376-24A4AE93D815}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A53B3EA-316E-4FBE-A04F-70EE0E1C4E86}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6D7ED6F-0C87-458C-B48E-70167F683739}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B8D7A857-6C1A-43E2-978E-D918F80D9698}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BE59C4E7-552C-4EDC-929B-741BFACCFD46}" = lport=80 | protocol=6 | dir=in | name=promo |
"{C85CC53D-F35F-405B-879B-7A1B1B72ABED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CC9341D5-6979-488B-97F5-0C001F701193}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E47A3AB5-4958-438C-AC4B-33DA3160B22F}" = lport=139 | protocol=6 | dir=in | app=system |
"{E589779A-F632-4C4D-9286-2744AAC8E9F7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\wnt500x64\rpcsandrasrv.exe |
"{F60C2ECB-2A04-4118-969A-300BF35F1AC3}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008ECBA6-C7AE-4A9E-8249-8F4DA14CAC0C}" = protocol=17 | dir=in | app=c:\program files (x86)\dead space 3\deadspace3.exe |
"{019A8EE2-9CBC-4560-9CC2-DC43ABF95A14}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{021AA6EE-8408-4050-BFA8-0CC991EBAE99}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{042CC3DC-E0DF-45CA-99C0-ABBA5747F838}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{09BA465F-164D-424C-9BA3-060E946A1DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{0B2A81FB-4B4B-4C14-928A-39F71421274F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{0D4BD6C6-A775-43F6-B7F0-41A6A427201D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0DDA0919-A8E9-4E13-B046-AAB0DAFAC2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{101B9FD1-4317-4CEB-B094-ECF7FA205178}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1422D702-352D-46A0-9F8E-ADC6378C3B59}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1AA440A2-98E1-44C8-95A6-842E98BC7DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{1C3FCBDD-9F3A-4760-9991-F3B4BEE96B57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{1CE7E68C-576D-4CC4-8C5E-3B6107372A88}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1EB8D8AC-0570-4AD3-9482-72EA3B98FBC4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{1EEB4C03-BAF7-45BC-B473-DB464F661B41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1F2C7BD9-80EE-4BE9-8695-2796FD231E20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{20B15E53-6920-482A-9B85-20F9DE406985}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{20E98FB9-601B-4D15-AAAB-4152A9C800A9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{2A592AF7-B88C-4A2B-84AE-0A00586186FC}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{2E47FF5C-903D-49E6-9E51-7EC3FC45EAA6}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{339FE3FA-78E6-47A2-9020-85C658CA656A}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{38AD968B-B921-40D4-8185-F005862E75F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{39F60736-6B39-474A-A60E-C910700CE482}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{44DF6EDC-D15F-4FF0-ABF8-0049F297B2C2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{44E2E59C-38DB-4DD7-B2B7-62493048C2F3}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{4F23E7FF-921C-48A5-9165-95F093B85296}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5387534E-67A4-4DE2-A537-8C801F70ED01}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{572AA8C1-F502-4FF2-924D-3DBCDCED3FDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{58AFCBFB-96CF-4FF1-887C-FE7E767AC8B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{626C5046-C326-4B28-A58A-D2261D85372D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{65EFC742-0D2E-45C7-853E-5CE0C647CBFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{67A5BA5F-943E-44E3-A119-A74DDACA5095}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{67EC4B95-4CD0-4C67-94C9-2FA22DCA209C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{68839C87-C61D-4F52-8941-7A6580E18DC5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{696D5330-FA39-4CAD-BDE8-32CCB2C0EF33}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{6C013D79-093B-4574-B0DE-2E152C37C7AD}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\singularity(tm)\binaries\singularity.exe |
"{6D96F7BF-A932-4ACE-8D74-B7AE01649143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E489681-0B13-4DC5-9028-DA9D1E97C0E8}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{72D53D15-4935-4F07-B065-FCB53274EB37}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{7871A8D0-953F-4D7F-8BCA-29CB0385E0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{7C71A42A-1C29-4466-8462-CB1752AAB749}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7E766D89-8843-4D6B-82D5-8B3015698772}" = protocol=6 | dir=in | app=c:\program files (x86)\dead space 3\deadspace3.exe |
"{86A79F65-126B-4465-9A83-851E09368737}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{88CD9395-FA1B-4388-A5BF-D722C97A0EC5}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{8BB8DC36-6529-4D67-9688-8E4A37D5C8C3}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{8F44F797-F100-4E20-8D97-A28D1F6FC379}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{8FF12F8B-8688-4509-AB9E-93BFB31F3626}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{96B7AD79-DD92-430F-AFFF-95261EEA540C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9C4332EA-8B1E-4E8A-A13F-909265CBB32B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D8E05F5-C3B0-4554-837C-A6D4B19DD7D7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{9F114C4E-94E8-45B8-8B98-1F1BBF953C85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9FF2976B-8E69-43AE-8266-F7E0384BCD2C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{A06E951B-2536-468A-8D5A-1AF03F43A27A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{A11FF59D-F5D7-419E-8776-9E0C930C5B16}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\singularity(tm)\binaries\singularity.exe |
"{A5CBA5F8-FE11-4322-AAF6-0E5860B46700}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{AA043BE1-746E-43FF-B758-E656FED02A6D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{AD9BB1C2-C15E-4AE2-AC60-C37084F1E73E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{AF165D08-B71E-48C8-A31F-CE72BB253130}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B1CC4E03-BDFF-4DFD-891F-A456DD2571F0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{C2BC71E6-4BD3-4CC2-8151-815F2670CA4D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{C5B4707B-F05F-4816-B6B1-0BD55B16EAC0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C5D9726F-F796-48BE-AF11-D47DB8FC5BCF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{CB31C134-72FC-4A91-B4CD-28FF919AA1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CD042E78-B7DB-4C4C-92EF-C60E00FE7C78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{CE599814-AB56-4C17-A4C5-54ED14CA7818}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{D2935BF9-D212-4D9B-AB21-0C0F508DF116}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{D53735B0-6CD3-47C3-BE2F-3E680ABBEA28}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{D70E6D0E-0402-4A06-9DB4-1E5BCCEAD66A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D711673A-612E-4538-93BE-B90CF5DFEA25}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D74CCD72-719F-4DBA-9521-CA73EA5AF1EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DA398515-9E0A-4029-AF4E-7E0C25D17774}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{DB1B2C29-8415-47C2-A70E-89A6B98069B9}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{E054EF7F-BB06-4B1D-ABC0-0C74D11FC07C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E3316986-76FA-4D5D-BD09-F47379478326}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E35C34E9-8A41-46B3-8054-B4A31DB6B83D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{E74A46A5-A0D2-4833-B081-8A1C3F66C2D1}" = dir=in | app=c:\program files (x86)\namco bandai games\darksouls\darksouls.exe |
"{EBBD98BC-C53C-4F44-833D-AAEDF5D443B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC576EED-4926-4069-93E1-98CFE9992C85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{ED1EF53F-A855-4526-8D51-F9AB8F3BA4B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{F5CDBB41-9938-4BAC-9D58-4E3C40C18933}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F7AF2413-E934-4372-9870-51661A2E8A3B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{FACE2314-90B4-487D-BA49-330697C201C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FB322ACE-0E0F-4FF1-A600-74B827BF4291}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"TCP Query User{0387AEE8-2225-4BAF-97C0-A14FDC9CB237}C:\users\26041984\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\26041984\appdata\local\akamai\netsession_win.exe |
"TCP Query User{0D2DDE5C-5B65-4D6E-A788-2F6C97CB0303}C:\program files (x86)\thechineseroom\dear esther\dearesther.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thechineseroom\dear esther\dearesther.exe |
"TCP Query User{13BFF485-CC2F-4182-9EB3-CD4DC9E4F275}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{23467979-402A-4E2D-A71D-EA5D0F48E4F2}C:\program files (x86)\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty black ops\blackops.exe |
"TCP Query User{7558BB42-5AA8-43ED-9881-6DFD3F5B9208}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{76711AD7-95BB-4DA8-ADD4-768ECFB9548F}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{7F0C6C3D-394C-4E77-83B7-A382D1A8B370}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{817FA09A-4B52-414F-9739-FD299E2758B6}C:\users\26041984\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\26041984\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8C75697C-0114-4BDF-95E4-420281AE6EC4}C:\program files (x86)\steam\steamapps\aeanchopper\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aeanchopper\counter-strike source\hl2.exe |
"TCP Query User{9CEBB7E8-BD95-4ACB-B15D-31168A475697}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{A22C906E-0EF5-4A8F-A8B6-D9524F0DE80B}C:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe |
"TCP Query User{CCEF3904-E555-4C35-A520-41DE6B47B841}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{D028FDB8-B31C-4918-BAE6-058BA01ACC04}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"TCP Query User{FF6EA699-AF67-4E0A-BBCE-8B32D8526FE3}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{2C8B79A0-F4D9-4224-8DE0-61F58155EC76}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{2D55BA3B-DD4F-4736-8649-0AF9273C1285}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{32C9134A-B4FE-4037-97DA-7BEF3C294049}C:\users\26041984\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\26041984\appdata\local\akamai\netsession_win.exe |
"UDP Query User{46A0AC15-7457-4818-A8A4-5F99C2932A97}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{5AD51E01-CF47-4B43-97D0-2B42A76E6D4F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{8924415C-7ADC-4F49-979C-5B4000695A78}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program
files (x86)\winamp\winamp.exe | "UDP Query User{8B44C48D-E1A9-4B08-AC1D-BF43038A1773}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | "UDP Query User{8C65EDE7-4656-40A1-A50C-EC6E066AF099}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | "UDP Query User{90D25349-5747-4611-8F51-F0231C6F2AD7}C:\program files (x86)\steam\steamapps\aeanchopper\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aeanchopper\counter-strike source\hl2.exe | "UDP Query User{C7E7ED98-2114-4D8C-8C84-824376F6A449}C:\program files (x86)\thechineseroom\dear esther\dearesther.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thechineseroom\dear esther\dearesther.exe | "UDP Query User{CFACFB4A-DCDF-4144-9489-C61D30D586D9}C:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis wars\bin32\crysis.exe | "UDP Query User{D2C5561F-A4D8-4F68-BFAB-C5E6B0D85918}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{D8A6D0A8-0D8D-451D-BC66-D3BD9B582FC1}C:\program files (x86)\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty black ops\blackops.exe | "UDP Query User{E30D40EE-4DB6-4B21-98B2-AB82F78D52E4}C:\users\26041984\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\26041984\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack 
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6EBA183A-EFD3-4FF4-BC00-9A9B97EA7A10}" = MAGIX Speed burnR (MSI) "{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" 
= Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DDC742CC-2382-4E49-8B59-A6EC368F94D4}" = PC Connectivity Solution 64-bit components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "OptimizerPro1" = OptimizerPro1 "Unlocker" = Unlocker 1.9.1-x64 "WinRAR archiver" = WinRAR 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198573D8-60B3-4BBA-9B35-A8D2AFA8B5C0}" = MAGIX Music Maker 17 Premium (Sound package) "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All "{23D41E39-79E7-4029-81CD-F23E6F3B9364}" = MAGIX Music Maker MX Premium "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery 
"{364687E1-D0CC-4B91-B310-6C5ED28C1031}" = Nero 8 "{36B5C759-4243-48A4-A0C9-CAB0263DFF4C}" = MAGIX Screenshare "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3D8D8094-9789-402E-BD28-337343F1DE6F}" = Samplitude Music Studio 17 Download-Version "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R) "{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R) "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6 "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish "{47F6627C-61DD-4191-91C3-2E4077EE7B1F}" = MAGIX Music Maker 17 Premium Download Version "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition "{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity 
Solution "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish "{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: 
Source "{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-07-28 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.5 - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B352D3F6-352B-4031-9C79-2C7A26062BBC}" = MAGIX Music Maker 17 Premium (Synthesizer and effects) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game "{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF103EDA-7937-4966-8EFB-5EF5C38301F2}" = simplitec simplicheck "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E4C27ADB-3345-4299-82F8-9250DFF47156}" = MAGIX Music Maker 17 Premium (Demo songs) "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English "{EEE692AE-E71E-4EA2-BF29-BF70811A6476}" = MAGIX Music Maker MX Premium Update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F4884EA7-CF31-4E87-B840-CFE161BD81D3}" = MAGIX Music Maker 17 Premium (Instrument package 3) "{F8BD7716-7362-4553-9890-378322F2C0CC}" = DENON DJ ASIO 
Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ASIO4ALL" = ASIO4ALL "AVS Audio Converter_is1" = AVS Audio Converter 7 "AVS Audio Editor_is1" = AVS Audio Editor 7.1 "AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0 "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor_is1" = AVS Video Editor 6 "AVS Video Recorder_is1" = AVS Video Recorder 2.5 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "Battlelog Web Plugins" = Battlelog Web Plugins "Black Mirror 2_is1" = Black Mirror 2 "Black Mirror III_is1" = Black Mirror III "Black Mirror_is1" = Black Mirror 1.0de "Call of Duty Black Ops_is1" = Call of Duty Black Ops "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "CANONIJPLM100" = PIXMA Extended Survey Program "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Crysis Wars(R)" = Crysis Wars(R) "DAEMON Tools Lite" = DAEMON Tools Lite "Dear Esther_is1" = Dear Esther "DPP" = Canon Utilities Digital Photo Professional 3.8 "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "EOS Utility" = Canon Utilities EOS Utility "ESN Sonar-0.70.4" = ESN Sonar "FL Studio 10" = FL Studio 10 
"Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.19.1015 "Free Studio_is1" = Free Studio version 5.0.9 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430 "Game Booster_is1" = Game Booster 3 "GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "IL Download Manager" = IL Download Manager "InstallShield_{362C6A81-4C88-4B26-8C79-B2EE0076F65F}" = Wolfenstein(TM) 1.11 Patch "InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM) "Linplug Albino v2.1" = Linplug Albino v2.1 "Mafia II_is1" = Mafia II "MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version "MAGIX_{6EBA183A-EFD3-4FF4-BC00-9A9B97EA7A10}" = MAGIX Speed burnR (MSI) "MAGIX_MSI_mm17dlx" = MAGIX Music Maker 17 Premium Download Version "MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium "MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17 Download-Version "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.47b "Mster" = Crysis Modification - Mster Config v3.01 "OpenAL" = OpenAL "Origin" = Origin "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PunkBusterSvc" = PunkBuster Services "Raptr" = Raptr "reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0 "Rockstar Games Social Club" = Rockstar Games Social Club "Soulseek2" = SoulSeek 157 NS 13 "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "Steam App 72850" = The Elder Scrolls V: Skyrim "TuneUp Utilities 2012" = TuneUp Utilities 2012 "TuneUpMedia" = 
TuneUp 2.4.6.4 "Uninstall_is1" = Uninstall 1.0.0.1 "Uplay" = Uplay "VLC media player" = VLC media player 1.1.9 "Weltbild Fotoservice" = Weltbild Fotoservice "WFTK" = Canon Utilities WFT Utility "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.05.2013 10:57:36 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 23.05.2013 11:01:50 | Computer Name = Bernhard-PC | Source = WinMgmt | ID = 10 Description = Error - 23.05.2013 11:02:22 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" in Zeile 0. Ungültige XML-Syntax. Error - 23.05.2013 11:02:22 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe". Fehler in Manifest- oder Richtliniendatei "C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" in Zeile 0. Ungültige XML-Syntax. Error - 23.05.2013 11:03:03 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 23.05.2013 11:03:03 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. 
Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 23.05.2013 11:03:03 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 23.05.2013 11:03:03 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. 
Error - 23.05.2013 11:03:04 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 23.05.2013 11:03:04 | Computer Name = Bernhard-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

[ System Events ]
Error - 23.05.2013 10:56:30 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.05.2013 10:56:30 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.05.2013 10:56:37 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.05.2013 11:00:03 | Computer Name = Bernhard-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 23.05.2013 11:01:51 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 23.05.2013 11:01:51 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.05.2013 11:01:51 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 23.05.2013 11:01:51 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.05.2013 11:01:51 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 23.05.2013 11:02:03 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =

[ TuneUp Events ]
Error - 22.05.2013 08:46:44 | Computer Name = Bernhard-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 22.05.2013 10:56:47 | Computer Name = Bernhard-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 22.05.2013 11:13:17 | Computer Name = Bernhard-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 22.05.2013 11:17:56 | Computer Name = Bernhard-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 22.05.2013 12:19:19 | Computer Name = Bernhard-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 23.05.2013 03:13:35 | Computer Name = Bernhard-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 23.05.2013 03:36:18 | Computer Name = Bernhard-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report > |
23.05.2013, 17:34 | #14 |
| Desktop stays white or black after startup! I tried to post the SystemLook log in a code window, but it is simply too long. Now I have posted it as a zip file in the attachment. I hope that is okay. |
23.05.2013, 20:07 | #15 |
/// TB Trainer | Desktop stays white or black after startup! Hi, you did everything right. Here is how to continue:
Step 1 Fix with OTL
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.appsarefun.info/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.232.208.116:8080
FF - prefs.js..browser.search.defaulturl: "hxxp://search.appsarefun.info/?l=1&q="
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\
[2013.01.09 13:42:57 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Users\26041984\AppData\Roaming\mozilla\Firefox\Profiles\raip0dwt.default\extensions\508d07926ab7a@508d07926abb4.com
CHR - Extension: Download and Sa = C:\Users\26041984\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdcmjepiapeccnjgghnkinnghnamfoi\7.1_0\
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9EBE5796-5B84-4BFB-A1FB-914E68D02032} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found
[2013.05.23 16:58:19 | 000,002,811 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
@Alternate Data Stream - 481 bytes -> C:\ProgramData\TEMP:05EE1EEF

:files
C:\Program Files (x86)\Bandoo
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
C:\Program Files (x86)\Common Files\Plasmoo
C:\Program Files (x86)\Delta
C:\ProgramData\Babylon
C:\ProgramData\BrowserProtect
C:\ProgramData\InstallMate
C:\ProgramData\Premium
C:\Users\All Users\BrowserProtect
C:\Windows.old\Documents and Settings\All Users\BrowserProtect
C:\Windows.old\ProgramData\Application Data\BrowserProtect
C:\Windows.old\Users\All Users\BrowserProtect
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\obdcmjepiapeccnjgghnkinnghnamfoi]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620D7C77-723C-4FB6-B030-233CDA9E251E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{996F7306-2B96-48D0-B6F1-CB819CE2BD85}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2E79F51-B152-4419-8F28-05263CC1DE85}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C43D7EF-A11E-45D4-84CE-C819235D678A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211301130}]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[-HKEY_CURRENT_USER\Software\BabSolution]

:Commands
[emptytemp]
Step 2 Please shut down your protection software to avoid possible conflicts.
Step 3 Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Step 4
Code:
C:\Program Files (x86)\mozilla firefox\extensions\{d060ed6d-48cb-0545-bc2c-3eaa1786e35f} /S
Please post with your next reply
|
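To review a fix script like the one in post #15 before it is run, the following added example (not part of the thread and not OTL's own code) splits the script into its sections and labels each entry by what it would change. The label names and matching rules are assumptions derived only from the entries visible in this thread, not from OTL documentation.

```python
import re
# Constructed sample: an excerpt of the fix script above (values copied from the page).
SAMPLE_FIX = r"""
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.appsarefun.info/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.232.208.116:8080
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found
@Alternate Data Stream - 481 bytes -> C:\ProgramData\TEMP:05EE1EEF
:files
C:\ProgramData\BrowserProtect
:reg
[-HKEY_CURRENT_USER\Software\BabSolution]
:Commands
[emptytemp]
"""
SECTION = re.compile(r"^:(\w+)$")
# Assumed review labels, based only on the entry types seen in this thread.
RULES = [
    ("proxy_setting", re.compile(r'"ProxyServer"\s*=', re.I)),
    ("start_or_search_page", re.compile(r"Start Page|defaulturl", re.I)),
    ("appinit_dll", re.compile(r"AppInit_DLLs", re.I)),
    ("alternate_data_stream", re.compile(r"^@Alternate Data Stream", re.I)),
]

def parse_fix(text):
    """Split a fix script into {section: [entries]}, preserving order."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def classify(section, entry):
    """Label one entry by what the fix would change on the system."""
    fixed = {"files": "delete_path", "commands": "command"}
    if section == "reg":
        return "delete_key" if entry.startswith("[-") else "reg_other"
    return fixed.get(section) or next((l for l, rx in RULES if rx.search(entry)), "unclassified")

def review(text):
    return [(s, classify(s, e), e) for s, es in parse_fix(text).items() for e in es]

if __name__ == "__main__":
    print(*review(SAMPLE_FIX), sep="\n")
```

Entries that come back as "unclassified" are the ones to read by hand before the script is applied.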