adobe flashplayer fragt durchgehend nach Admin rechten?

Zebrahead · 22.05.2013, 15:37

ch habe mir gestern per skype einen lustigen "kennst du das foto schon" virus eingefangen und mein virenprogramm (advanced systemcare ultimate 6) scheint ihn auch zu finden doch leider findet er ihn immer wieder aufs neue (scheint ihn also nicht löschen zu können). Heute mache ich den rechner an und bekomme dauerhaft von adobe anfragen für die administratorechte die ich natürlich erstmal nich rausgebe aber egal ob ich auf nein oder schließen drücke adobe fragt hartnäckig weiter. gestern abend hatte ich außerdem noch so einen eset online viren scan gemacht bei dem folgendes raus kam:
C:\ProgramData\48AD.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\51D0.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\612.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\88E7.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\AE9D.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\C349.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\CBFF.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\dadaddddaaffsacfsfdsf.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\EC8.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\48AD.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\51D0.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\612.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\8041.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\88E7.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\AE9D.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\C349.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\CBFF.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\dadaddddaaffsacfsfdsf.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\EC8.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00d4fd a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[1] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[2] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[3] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[4] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQTUG23P\f97834fh9348[1] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQTUG23P\f97834fh9348[2] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHPK7FEX\f97834fh9348[1] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHPK7FEX\f97834fh9348[2] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHPK7FEX\f97834fh9348[3] a variant of Win32/Kryptik.BBND trojan

außerdem läuft in meinem prozess-manager eine c467.exe?!

hier nochmal der OTL bericht wobei glaub ich neben bei noch chrome offen war:

OTL logfile created on: 22.05.2013 16:22:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Felix\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,77 Gb Available Physical Memory | 72,30% Memory free
15,96 Gb Paging File | 13,33 Gb Available in Paging File | 83,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 36,32 Gb Free Space | 24,79% Space Free | Partition Type: NTFS
Drive D: | 552,15 Gb Total Space | 55,14 Gb Free Space | 9,99% Space Free | Partition Type: NTFS
Drive F: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.22 16:14:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Downloads\OTL.exe
PRC - [2013.05.03 14:20:53 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Felix\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.01.10 23:05:20 | 000,533,288 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.01.10 21:12:18 | 000,444,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.01.10 21:11:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.29 20:15:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.27 16:15:22 | 005,467,008 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Asc.exe
PRC - [2012.11.27 12:56:22 | 001,050,496 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
PRC - [2012.11.13 13:00:00 | 000,625,536 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
PRC - [2012.11.12 17:06:42 | 000,697,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
PRC - [2012.11.07 15:50:40 | 000,512,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012.11.01 10:21:10 | 000,350,592 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
MOD - [2012.11.01 10:21:08 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
MOD - [2012.11.01 10:21:06 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
MOD - [2012.10.15 10:53:40 | 001,229,696 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Scan.dll
MOD - [2012.09.05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
MOD - [2012.09.05 18:55:28 | 000,516,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\sqlite3.dll
MOD - [2012.04.14 15:42:02 | 000,224,600 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\Scan\smartscn.dll

========== Services (SafeList) ==========

SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.03.06 21:14:47 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.10 23:05:20 | 000,533,288 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.01.10 21:45:56 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013.01.10 21:12:18 | 000,444,712 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.01.10 21:11:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.29 20:15:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.27 12:56:22 | 001,050,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe -- (AdvancedSystemCareService6)
SRV - [2012.11.13 13:00:00 | 000,625,536 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe -- (ASCAntivirusSrv)
SRV - [2012.06.26 15:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011.04.26 11:21:06 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 14:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Stopped] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.02 18:32:33 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.04.02 18:32:33 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.04.02 18:32:33 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013.03.04 09:35:08 | 000,838,216 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.10 21:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.01.10 21:33:50 | 000,042,696 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.01 15:11:23 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.11.21 18:59:02 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (Trufos)
DRV:64bit: - [2011.11.10 19:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.26 11:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.24 15:36:24 | 000,431,176 | ---- | M] (BitDefender) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.12 10:23:08 | 000,026,112 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StMp3Recx64.sys -- (StMp3Recx64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/go/wze [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2325506
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 F9 97 DE DE D6 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {B3F8540B-5382-488C-BB87-495CD2424C6D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{B3F8540B-5382-488C-BB87-495CD2424C6D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home|hxxp://www.giga.de/go/wze"
FF - prefs.js..extensions.enabledAddons: webbooster@iminent.com:5.14.1.0
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection@iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.8
FF - prefs.js..network.proxy.http: "72.64.146.135"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Felix\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Felix\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2012.10.08 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.27 21:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.04.04 22:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.28 00:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.02 18:11:10 | 000,000,000 | ---D | M]

[2011.12.28 00:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions
[2013.05.08 22:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions
[2013.03.20 15:57:55 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2013.03.20 15:57:54 | 000,000,000 | ---D | M] (Hotspot Shield Community Toolbar) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2013.04.02 18:17:06 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\ascsurfingprotection@iobit.com
[2012.01.24 22:20:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\engine@conduit.com
[2013.05.08 22:21:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\ich@maltegoetz.de
[2013.02.24 15:50:49 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\firefox\profiles\oox9dp8g.default\extensions\stealthyextension@gmail.com.xpi
[2013.05.21 20:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.31 19:35:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.06.12 18:23:19 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.10.08 16:09:51 | 000,000,000 | ---D | M] ("Iminent Minibar") -- C:\PROGRAM FILES (X86)\IMINENT\WEBBOOSTER@IMINENT.COM
[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter},
CHR - homepage: hxxp://search.conduit.com/?SearchSource=10&ctid=CT2325506
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Square Enix Secure Launcher (Enabled) = C:\Users\Felix\AppData\LocalLow\Square Enix\nprun3d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: YouTube = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Cloud Downloader = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\piifjlhjopdohglieknlpgoeajdbipel\1.9.8_0\
CHR - Extension: Google Mail = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll㠀㘀⤀ File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (www.Freeware-download.com Toolbar) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit)
O4 - HKCU..\Run: [dadaddddaaffsacfsfdsf] C:\ProgramData\dadaddddaaffsacfsfdsf.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Felix\APPDATA\ROAMING\SPOTIFY\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B161AD45-E75E-4B75-BC6D-519A91901F9B}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D83BFC79-D1B6-4DC4-A832-64A03751BF14}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D83BFC79-D1B6-4DC4-A832-64A03751BF14}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.17 10:31:38 | 010,810,880 | R--- | M] () - D:\autorun.dat -- [ NTFS ]
O32 - AutoRun File - [2009.07.29 10:55:00 | 000,419,088 | ---- | M] (Electronic Arts) - D:\AutoRun.exe -- [ NTFS ]
O32 - AutoRun File - [2009.09.17 11:35:05 | 000,000,157 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005.11.01 12:54:36 | 000,000,000 | R--D | M] - F:\autorun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 12:59:48 | 001,187,840 | R--- | M] () - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 12:59:47 | 000,000,043 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{7b8b9821-30d3-11e1-bc4a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7b8b9821-30d3-11e1-bc4a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2005.11.01 12:59:48 | 001,187,840 | R--- | M] ()
O33 - MountPoints2\{cc54c5d1-346e-11e1-af4d-f46d04657bf7}\Shell - "" = AutoRun
O33 - MountPoints2\{cc54c5d1-346e-11e1-af4d-f46d04657bf7}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{dfe59dcd-8508-11e2-867a-f46d04657bf7}\Shell - "" = AutoRun
O33 - MountPoints2\{dfe59dcd-8508-11e2-867a-f46d04657bf7}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.21 21:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.21 20:43:23 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Skype
[2013.05.21 20:35:49 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.05.21 20:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.21 20:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.15 17:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\FlyVPN
[2013.05.06 19:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.29 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\Unity
[2013.04.27 22:11:40 | 000,000,000 | ---D | C] -- C:\Users\Felix\Desktop\iron man
[2013.04.27 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
[2013.04.27 22:11:30 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\New Technology Studio
[2013.04.27 22:11:30 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\New Technology Studio
[2013.04.26 18:44:05 | 000,000,000 | ---D | C] -- C:\Users\Felix\Desktop\felix savegames
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.22 16:24:49 | 000,091,136 | ---- | M] () -- C:\ProgramData\dadaddddaaffsacfsfdsf.exe
[2013.05.22 16:00:42 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 16:00:42 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 15:58:28 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 15:58:28 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 15:58:28 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 15:58:28 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 15:58:28 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 15:53:53 | 000,167,936 | ---- | M] () -- C:\ProgramData\C467.exe
[2013.05.22 15:53:31 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 15:53:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 15:53:09 | 2132,721,663 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 15:49:41 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013.05.21 23:42:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 22:19:00 | 000,071,680 | ---- | M] () -- C:\ProgramData\8041.exe
[2013.05.21 22:03:59 | 000,071,680 | ---- | M] () -- C:\ProgramData\C349.exe
[2013.05.21 21:48:59 | 000,071,680 | ---- | M] () -- C:\ProgramData\612.exe
[2013.05.21 21:33:58 | 000,071,680 | ---- | M] () -- C:\ProgramData\48AD.exe
[2013.05.21 21:18:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\88E7.exe
[2013.05.21 21:03:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\CBFF.exe
[2013.05.21 20:48:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\EC8.exe
[2013.05.21 20:35:49 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.21 20:33:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\51D0.exe
[2013.05.21 18:28:43 | 000,071,680 | ---- | M] () -- C:\ProgramData\AE9D.exe
[2013.05.21 17:23:13 | 000,379,183 | ---- | M] () -- C:\Users\Felix\Desktop\world end.jpg
[2013.05.18 13:30:57 | 000,075,545 | ---- | M] () -- C:\Users\Felix\Desktop\fBKrKd5h.jpg
[2013.05.16 22:57:03 | 000,071,929 | ---- | M] () -- C:\Users\Felix\Desktop\428051_572080186156202_956263062_n.jpg
[2013.05.16 16:02:05 | 000,279,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 17:19:58 | 000,188,163 | ---- | M] () -- C:\Users\Felix\Desktop\metrochat2.png
[2013.05.15 17:19:40 | 000,252,195 | ---- | M] () -- C:\Users\Felix\Desktop\metrochat.png
[2013.05.14 16:42:01 | 000,728,304 | ---- | M] () -- C:\Users\Felix\Desktop\guck mal.png
[2013.05.13 20:45:33 | 000,189,228 | ---- | M] () -- C:\Users\Felix\Desktop\25.jpg
[2013.05.08 22:48:04 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.08 22:48:04 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.08 22:45:26 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.06 19:17:26 | 000,000,202 | ---- | M] () -- C:\Users\Felix\Desktop\Driver Fusion.url
[2013.04.27 22:11:31 | 000,001,268 | ---- | M] () -- C:\Users\Felix\Desktop\OpenIV.lnk
[2013.04.23 17:24:15 | 000,036,088 | ---- | M] () -- C:\Users\Felix\Desktop\image_1366547031593242.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.22 15:53:52 | 000,167,936 | ---- | C] () -- C:\ProgramData\C467.exe
[2013.05.22 15:49:41 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013.05.21 22:18:59 | 000,071,680 | ---- | C] () -- C:\ProgramData\8041.exe
[2013.05.21 22:03:59 | 000,071,680 | ---- | C] () -- C:\ProgramData\C349.exe
[2013.05.21 21:48:58 | 000,071,680 | ---- | C] () -- C:\ProgramData\612.exe
[2013.05.21 21:33:58 | 000,071,680 | ---- | C] () -- C:\ProgramData\48AD.exe
[2013.05.21 21:18:57 | 000,071,680 | ---- | C] () -- C:\ProgramData\88E7.exe
[2013.05.21 21:03:56 | 000,071,680 | ---- | C] () -- C:\ProgramData\CBFF.exe
[2013.05.21 20:48:56 | 000,071,680 | ---- | C] () -- C:\ProgramData\EC8.exe
[2013.05.21 20:35:49 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.21 20:33:56 | 000,071,680 | ---- | C] () -- C:\ProgramData\51D0.exe
[2013.05.21 18:28:43 | 000,071,680 | ---- | C] () -- C:\ProgramData\AE9D.exe
[2013.05.21 18:28:42 | 000,091,136 | ---- | C] () -- C:\ProgramData\dadaddddaaffsacfsfdsf.exe
[2013.05.21 17:23:13 | 000,379,183 | ---- | C] () -- C:\Users\Felix\Desktop\world end.jpg
[2013.05.18 13:30:56 | 000,075,545 | ---- | C] () -- C:\Users\Felix\Desktop\fBKrKd5h.jpg
[2013.05.16 22:57:03 | 000,071,929 | ---- | C] () -- C:\Users\Felix\Desktop\428051_572080186156202_956263062_n.jpg
[2013.05.15 17:19:58 | 000,188,163 | ---- | C] () -- C:\Users\Felix\Desktop\metrochat2.png
[2013.05.15 17:19:40 | 000,252,195 | ---- | C] () -- C:\Users\Felix\Desktop\metrochat.png
[2013.05.14 16:42:01 | 000,728,304 | ---- | C] () -- C:\Users\Felix\Desktop\guck mal.png
[2013.05.13 20:45:33 | 000,189,228 | ---- | C] () -- C:\Users\Felix\Desktop\25.jpg
[2013.05.06 19:41:33 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.06 19:17:26 | 000,000,202 | ---- | C] () -- C:\Users\Felix\Desktop\Driver Fusion.url
[2013.04.27 22:11:31 | 000,001,268 | ---- | C] () -- C:\Users\Felix\Desktop\OpenIV.lnk
[2013.04.23 17:24:15 | 000,036,088 | ---- | C] () -- C:\Users\Felix\Desktop\image_1366547031593242.jpg
[2013.03.31 13:09:23 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.11.23 16:54:07 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.02.02 21:43:43 | 000,000,000 | ---- | C] () -- C:\Users\Felix\dr
[2012.01.30 20:55:38 | 000,000,000 | ---- | C] () -- C:\Users\Felix\path
[2011.12.30 23:01:22 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.30 23:01:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.28 22:49:18 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.28 00:06:16 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1142900357-2600456467-752600298-1000\$65aa22156aed522a2e7c8c77def2833f\n. -- File not found

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.30 21:08:22 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\.minecraft
[2012.05.05 20:31:03 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Canneverbe Limited
[2013.04.02 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DAEMON Tools Lite
[2013.01.27 21:42:56 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoft
[2012.10.12 11:52:35 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.23 17:05:54 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\GetRightToGo
[2012.10.08 16:09:59 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Iminent
[2013.04.02 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\IObit
[2011.12.31 23:20:23 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\MotioninJoy
[2013.04.02 19:25:53 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\NetSpeedMonitor
[2013.04.27 22:11:30 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\New Technology Studio
[2012.12.09 17:02:04 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Origin
[2012.01.01 15:19:30 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\PunkBuster
[2012.10.07 17:48:10 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\six-updater
[2012.07.27 00:23:47 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\six-zsync
[2013.05.22 15:58:06 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Spotify
[2013.04.02 17:54:23 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TeamViewer
[2013.02.21 00:01:54 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Teeworlds
[2013.05.21 22:33:21 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TS3Client
[2012.10.27 23:12:56 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\uTorrent
[2012.01.24 22:50:59 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\WindSolutions

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1062 bytes -> C:\ProgramData\TEMP:966F7784

< End of report >

Würde mich sehr über eure beratung freuen
mfg Felix

adobe flashplayer fragt durchgehend nach Admin rechten?

Plagegeister aller Art und deren Bekämpfung: adobe flashplayer fragt durchgehend nach Admin rechten?

adobe flashplayer fragt durchgehend nach Admin rechten?

Ähnliche Themen: adobe flashplayer fragt durchgehend nach Admin rechten?