Exploit:Java/CVE-2013-0431 und co. Funde von MCE

Ornf · 26.05.2013, 17:59

Hallo,
Ich hatte letzte Zeit Schwierigkeiten mit meinem PC: Der PC friert ständig kurz ein und der Cursor sah komisch aus und hat sich auch so verhalten. Ich wollte also mein Problem beheben und hab mir gedacht dass ich möglicherweise Viren auf meinem PC hätte, also schaute ich in den Verlauf von Microsoft Security Essentials und siehe da: Exploit:Java/CVE-2013-0431, Exploit_Java/CVE-2013-2423 und Exploit:JS/Blacole.gb. Na toll. Microsoft Security Essentials zeigt mir natürlich an dass sie Alle Exploits entfernt haben, aber... Wir wissen ja alle dass das nicht ganz stimmt. Deshalb bin ich nun hier um mir von Experten helfen zu lassen.
mfg

Ornf

M-K-D-B · 26.05.2013, 18:44

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.

M-K-D-B · 26.05.2013, 18:45

Servus,

Also ich sehe da hauptsächlich Adware und unerwünschte Software.

Schritt 1
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

AdwCleaner bitte zweimal hintereinander ausführen und beide Logdateien davon posten!

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von ComboFix,
die beiden Logdateien von AdwCleaner,
die Logdatei von JRT.

Ornf · 27.05.2013, 18:58

Hallo Matthias,
also erstmal danke für die Antwort auf meinen Post

Und ich hab schon das erste Problem: Als ich Combofix gestern gestartet habe lief erst einmal alles wie normal, doch nach kurzer Zeit kamen Fehlermeldungen das etwas nicht mehr funktionierte. Als diese Meldungen noch auf dem Screen waren, arbeitete Combofix nicht weiter. Ich drückte also immer auf Programm schließen und Combofix arbeitete normal weiter, bis ich zur Vorbereitung des Logs kam. Ich dachte, es würde höchstens 10 Minuten dauern, doch ich musste meinen PC sogar über Nacht anlassen und Combofix war immernoch nicht fertig. Ich hatte die Nase voll also fuhr ich meinen PC einfach herunter. Als ich ihn wieder hochfuhr war eigentlich alles normal, keine Meldungen o.ä., doch als ich meine Probleme hier posten wollte ist mein PC einfach eingefroren und ich musste den Strom abstellen. Nach dem Hochfahren war wieder alles normal und ich bin hierhin gekommen um mein Problem zu posten.
mfg

Ornf

M-K-D-B · 28.05.2013, 16:04

Servus,

Starte deinen Rechner nach dieser Anleitung im abgesicherten Modus mit Netzwerktreibern, benenne die ComboFix.exe in NoMBR.exe um und führe ComboFix im abgesicherten Modus nochmal aus.

Anschließend gehts weiter mit AdwCleaner und JRT (beide im normalen Modus ausführen).

Ornf · 28.05.2013, 18:06

Ok, alles lief wie gewünscht, nur Combofix sagte mir vor dem Scan dass Avira und Microsoft Security Essentials noch an wären. Combofix lief jedoch normal weiter und es gab auch sonst keine Probleme.

Combofix.txt

Code:

ATTFilter

ComboFix 13-05-28.02 - Ornf 28.05.2013  17:59:40.2.6 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8138.7316 [GMT 2:00]
ausgeführt von:: c:\users\Ornf\Desktop\NoMBR.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\directx.sys
c:\windows\iun6002.exe
c:\windows\SysWow64\muzapp.exe
D:\install.exe
.
---- Vorheriger Suchlauf -------
.
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css\new-tab.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_amazon.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ebay.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_facebook.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_fantastigames.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ftalk.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png__
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\new-tab.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\analytics.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\constant.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config - Copy.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\jquery.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\localStorage.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\new-tab.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\preferences.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\manifest.json
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\OurLocalPage.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\users\Ornf\AppData\Local\Savings Sidekick
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-28  ))))))))))))))))))))))))))))))
.
.
2013-05-28 16:10 . 2013-05-28 16:10	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-05-28 16:10 . 2013-05-28 16:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-27 17:55 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8D3008-033D-4CA5-B4A5-88A0694F585D}\mpengine.dll
2013-05-27 04:16 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-26 13:30 . 2013-05-26 13:30	--------	d-----w-	c:\program files (x86)\Geeks3D
2013-05-25 17:02 . 2013-05-25 17:02	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-25 17:02 . 2013-05-25 17:02	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-25 17:02 . 2013-05-25 17:02	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-25 17:02 . 2013-05-25 17:02	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-25 17:02 . 2013-05-25 17:02	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-25 17:01 . 2013-05-25 17:02	--------	d-----w-	c:\program files (x86)\QuickTime
2013-05-25 17:01 . 2013-05-25 17:01	--------	d-----w-	c:\programdata\Apple Computer
2013-05-24 19:59 . 2013-05-24 19:59	--------	d-----w-	c:\users\Ornf\AppData\Local\NVIDIA
2013-05-24 19:47 . 2013-05-24 19:47	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-05-24 19:43 . 2013-05-24 19:43	--------	d-----w-	C:\NVIDIA
2013-05-22 20:39 . 2013-05-22 20:39	262552	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-21 18:40 . 2013-05-21 18:40	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B95B159E-54B0-42B5-B7A4-1966938B6485}\gapaengine.dll
2013-05-16 16:08 . 2013-05-19 00:00	--------	d-----w-	c:\users\Ornf\AppData\Roaming\Audacity
2013-05-16 16:08 . 2013-05-16 16:08	--------	d-----w-	c:\program files (x86)\Audacity
2013-05-16 15:36 . 2013-05-16 15:36	--------	d-----w-	c:\users\Ornf\AppData\Local\Nem's Tools
2013-05-16 14:08 . 2013-05-16 14:08	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2013-05-16 14:08 . 2013-05-16 14:08	--------	d-----w-	c:\users\Ornf\SystemRequirementsLab
2013-05-15 21:18 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-15 21:18 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-15 21:18 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-15 13:41 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 13:41 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 13:41 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 13:41 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 13:41 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 13:41 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 13:41 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 13:41 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 13:41 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 13:40 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 13:40 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 13:40 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-12 13:43 . 2013-05-12 13:43	566048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-05-10 12:55 . 2013-05-10 12:55	--------	d-----w-	c:\program files\Plantronics
2013-05-10 12:55 . 2011-12-01 20:18	813288	------w-	c:\windows\system32\PLTGC.exe
2013-05-10 12:55 . 2011-11-05 00:47	1327104	----a-w-	c:\windows\system32\drivers\PLTGC.sys
2013-05-10 12:55 . 2004-04-14 19:28	315392	----a-w-	c:\windows\system\fltrPLTGC.dll
2013-05-10 12:55 . 2009-08-20 09:00	359424	------w-	c:\windows\system32\CmiInstallResAll64.dll
2013-05-10 12:55 . 2006-10-06 22:45	524768	----a-r-	c:\windows\difxapi.dll
2013-05-10 07:57 . 2013-05-10 07:57	187456	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-08 15:23 . 2013-05-08 15:23	--------	d-----w-	c:\users\Ornf\AppData\Local\ESN
2013-05-08 15:23 . 2013-05-14 14:11	--------	d-----w-	c:\program files (x86)\Battlelog Web Plugins
2013-05-08 15:16 . 2013-05-08 15:16	--------	d-----w-	c:\programdata\EA Core
2013-05-08 15:16 . 2013-05-08 16:18	--------	d-----w-	c:\programdata\EA Logs
2013-05-08 15:05 . 2013-05-08 15:05	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2013-05-07 17:35 . 2013-05-07 17:35	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-05-07 17:34 . 2013-05-07 17:35	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-05-07 16:54 . 2013-05-08 21:53	--------	d-----w-	c:\users\Ornf\AppData\Roaming\Origin
2013-05-07 16:54 . 2013-05-07 16:54	--------	d-----w-	c:\program files (x86)\Origin Games
2013-05-07 16:54 . 2013-05-07 18:53	--------	d-----w-	c:\users\Ornf\AppData\Local\Origin
2013-05-07 16:52 . 2013-05-08 15:16	--------	d-----w-	c:\programdata\Electronic Arts
2013-05-07 16:52 . 2013-05-07 17:20	--------	d-----w-	c:\programdata\Origin
2013-05-07 16:32 . 2013-05-07 16:32	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-04 15:22 . 2013-05-04 15:22	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2013-04-29 15:29 . 2013-04-29 15:29	--------	d-----w-	c:\users\Ornf\AppData\Local\Unity
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 08:47 . 2012-12-21 08:57	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-05-21 08:47 . 2012-12-21 07:56	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-05-21 08:47 . 2012-12-21 07:56	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-05-15 21:22 . 2012-01-13 14:22	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 17:18 . 2012-04-16 08:33	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 17:18 . 2012-01-13 13:34	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 13:15 . 2010-06-24 10:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-12 21:42 . 2013-02-25 22:32	2597344	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-05-12 21:42 . 2013-02-25 22:32	12426216	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-05-12 21:42 . 2013-02-25 22:32	2935696	----a-w-	c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2013-02-25 22:32	1059560	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2013-02-25 22:32	27775776	----a-w-	c:\windows\system32\nvoglv64.dll
2013-05-12 21:42 . 2013-02-25 22:32	15910736	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-05-12 21:42 . 2013-02-25 22:32	13403168	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-05-12 20:34 . 2012-07-23 08:08	6491936	----a-w-	c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2012-07-23 08:08	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2012-07-23 08:08	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2012-07-23 08:08	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2012-07-23 08:08	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2012-07-23 08:08	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-05-08 16:23 . 2012-12-21 07:56	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-05-08 14:13 . 2012-07-23 08:08	3165737	----a-w-	c:\windows\system32\nvcoproc.bin
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-24 14:13 . 2012-02-10 10:06	905296	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 17:38 . 2013-04-13 17:38	172032	----a-w-	c:\windows\SysWow64\AniGIF.ocx
2013-04-13 05:49 . 2013-05-15 13:41	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 13:41	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 13:41	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 13:41	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 13:41	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 13:41	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 14:07	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-04-23 14:57	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-03 14:10 . 2013-04-03 14:10	91264	----a-w-	c:\windows\SysWow64\EasyHook32.dll
2013-03-30 12:23 . 2012-08-21 00:26	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2013-03-28 00:22 . 2013-03-28 00:22	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-28 00:22 . 2013-03-28 00:22	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-28 00:22 . 2013-03-28 00:22	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-10 18:14	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 18:14	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 18:14	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 18:14	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 18:14	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 18:14	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-13 17:41 . 2012-01-13 13:35	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-13 17:41 . 2012-01-13 13:35	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Spotify Web Helper"="c:\users\Ornf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-14 1104280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"LogMeIn Hamachi Ui"="d:\hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261249~1.132\{61D8B~1\browsermngr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0SCTBootTasks
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
R1 axcmaavf;axcmaavf;c:\windows\system32\drivers\axcmaavf.sys [x]
R1 bdzjmjtx;bdzjmjtx;c:\windows\system32\drivers\bdzjmjtx.sys [x]
R1 byxozloi;byxozloi;c:\windows\system32\drivers\byxozloi.sys [x]
R1 dzmgnlti;dzmgnlti;c:\windows\system32\drivers\dzmgnlti.sys [x]
R1 fnwydpfi;fnwydpfi;c:\windows\system32\drivers\fnwydpfi.sys [x]
R1 hscillmt;hscillmt;c:\windows\system32\drivers\hscillmt.sys [x]
R1 kdwjhfru;kdwjhfru;c:\windows\system32\drivers\kdwjhfru.sys [x]
R1 kugnlzar;kugnlzar;c:\windows\system32\drivers\kugnlzar.sys [x]
R1 mbxgluec;mbxgluec;c:\windows\system32\drivers\mbxgluec.sys [x]
R1 nmtfnhup;nmtfnhup;c:\windows\system32\drivers\nmtfnhup.sys [x]
R1 noqvjpbd;noqvjpbd;c:\windows\system32\drivers\noqvjpbd.sys [x]
R1 oolgoxai;oolgoxai;c:\windows\system32\drivers\oolgoxai.sys [x]
R1 peaankia;peaankia;c:\windows\system32\drivers\peaankia.sys [x]
R1 pmyiorwq;pmyiorwq;c:\windows\system32\drivers\pmyiorwq.sys [x]
R1 qkujjupn;qkujjupn;c:\windows\system32\drivers\qkujjupn.sys [x]
R1 rveukobo;rveukobo;c:\windows\system32\drivers\rveukobo.sys [x]
R1 tdweciab;tdweciab;c:\windows\system32\drivers\tdweciab.sys [x]
R1 wihpqynl;wihpqynl;c:\windows\system32\drivers\wihpqynl.sys [x]
R1 xjcrplec;xjcrplec;c:\windows\system32\drivers\xjcrplec.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1249.132\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2013-03-22 2787280]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-04-23 9216]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R2 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [2013-02-27 1097848]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-03-18 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-03-18 188544]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2010-03-30 55336]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-11 49152]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2010-03-30 32296]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2010-03-30 202792]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2010-03-30 154792]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys [2012-08-13 25704]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-04-22 64384]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-04-22 87168]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2012-06-01 234792]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2012-06-01 76072]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys [2012-01-31 44992]
R3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys [2012-03-27 356632]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys [2012-03-27 789272]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys [2011-03-07 24880]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 96768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 213504]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2012-05-15 398656]
R3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [2011-11-05 1327104]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\drivers\rusb3hub.sys [2012-05-10 104448]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\drivers\rusb3xhc.sys [2012-05-10 221184]
R3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [2013-02-27 40856]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2012-07-20 23736]
R3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2012-05-02 136512]
R3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2012-05-02 413504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys [2012-03-27 19224]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\hamachi\hamachi-2.exe [2013-05-15 2467664]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2012-02-21 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-02-21 396776]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-04-11 708200]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 17:18]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1840239527-1524616062-737289275-1001Core.job
- c:\users\Ornf\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 17:42]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1840239527-1524616062-737289275-1001UA.job
- c:\users\Ornf\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 17:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.claro-search.com/?affID=114508&tt=4112_4&babsrc=HP_clro&mntrId=1270b750000000000000c86000b25542
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Ornf\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\
FF - prefs.js: browser.search.selectedEngine - Search Safer
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - user.js: extensions.claro.id - 1270b750000000000000c86000b25542
FF - user.js: extensions.claro.instlDay - 15622
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.122:19
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - c:\program files (x86)\ChatZum Toolbar\tbunszFD09.tmp\tbcore3.dll
Toolbar-{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
Wow6432Node-HKCU-Run-Clownfish - (no file)
Wow6432Node-HKCU-Run-Desura - c:\program files (x86)\Desura\desura.exe
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
AddRemove-BattlEye for A2 - d:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-ChatZum Toolbar - c:\program files (x86)\ChatZum Toolbar\tbunszFD09.tmp\uninstaller.exe
AddRemove-Searchqu Toolbar - c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
AddRemove-Yawle_0.3b - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6c,14,fe,68,98,88,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,d8,8d,42,69,4e,18,4d,a9,75,ba,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,d8,8d,42,69,4e,18,4d,a9,75,ba,\
.
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c5,
   05,9a,b9,ef,06,bc,9f,bf,17,8d,68,fa,db
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,0e,
   6b,c7,87,40,02,af,e2,91,9a,f0,9f,6a,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d2,
   c6,72,f5,37,07,a5,7d,d9,65,c0,83,cf,b1
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,60,6b,
   80,7f,c0,7e,0b,9c,61,2c,53,5e,4e,3a,a8
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6e,d1,
   90,b1,8e,e8,07,91,4b,ca,e8,45,6f,3c,27
"{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}"=hex:51,66,7a,6c,4c,1d,3b,1b,8c,92,ce,
   2a,49,6e,43,05,ac,b6,24,5b,e6,8a,bb,b9
"{000F18F2-09EB-4A59-82B2-5AE4184C39C3}"=hex:51,66,7a,6c,4c,1d,3b,1b,e2,07,15,
   1d,dc,58,35,0e,9b,bb,1f,a4,19,0a,7e,db
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,24,37,
   50,89,38,16,03,89,fc,b8,9b,04,73,3e,6d
"{D0F4A166-B8D4-48B8-9D63-80849FE137CB}"=hex:51,66,7a,6c,4c,1d,3b,1b,76,be,ee,
   cd,e3,e9,d4,0c,84,6a,c5,c4,9e,a7,70,d3
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,05,09,
   83,e0,bf,87,0f,a9,1c,e5,ed,b2,4d,11,5e
"{11111111-1111-1111-1111-110011501160}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0e,0b,
   0c,26,40,7d,55,08,18,54,40,10,16,56,78
"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,3b,1b,97,d4,a6,
   e1,13,c3,e1,0f,a8,1e,b0,2d,93,0d,ac,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-28  18:12:37
ComboFix-quarantined-files.txt  2013-05-28 16:12
.
Vor Suchlauf: 11 Verzeichnis(se), 23.916.482.560 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 23.738.646.528 Bytes frei
.
- - End Of File - - 6FFA0AC577DA9EF92850ABB24575AA24

AdwCleaner[S1].txt

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 28/05/2013 um 18:29:57 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ornf - ORNF-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ornf\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Ornf\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Speedbit
Ordner Gelöscht : C:\Program Files (x86)\Red Sky
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Ornf\AppData\Local\DownTango
Ordner Gelöscht : C:\Users\Ornf\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Ornf\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Ornf\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Ornf\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\extensions\staged
Ordner Gelöscht : C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\jetpack
Ordner Gelöscht : C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Sidekick
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SpeedBit
Schlüssel Gelöscht : HKCU\Software\5a4d9d9e63be941
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5a4d9d9e63be941
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKU\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=114508&tt=4112_4&babsrc=HP_clro&mntrId=1270b750000000000000c86000b25542 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\prefs.js

C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114508&tt=4112_4&babsrc=[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Claro Search");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "1270b750000000000000c86000b25542");
Gelöscht : user_pref("extensions.claro.instlDay", "15622");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.vrsn", "1.6.4.1");
Gelöscht : user_pref("extensions.claro.vrsni", "1.6.4.1");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.6.4.122:19:48");

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Ornf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [19648 octets] - [28/05/2013 18:29:57]

########## EOF - C:\AdwCleaner[S1].txt - [19709 octets] ##########

AdwCleaner[S2].txt

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 28/05/2013 um 18:36:44 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ornf - ORNF-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ornf\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Ornf\AppData\Roaming\Mozilla\Firefox\Profiles\wc0zpky4.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Ornf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [19699 octets] - [28/05/2013 18:29:57]
AdwCleaner[S2].txt - [1283 octets] - [28/05/2013 18:36:44]

########## EOF - C:\AdwCleaner[S2].txt - [1343 octets] ##########

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ornf on 28.05.2013 at 18:52:22,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220022502260}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220022502260}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ornf\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\pcsafedoctor"
Successfully deleted: [Empty Folder] C:\Users\Ornf\appdata\local\{A410A988-F20B-416F-8A70-77AD31120A55}
Successfully deleted: [Empty Folder] C:\Users\Ornf\appdata\local\{E5110D13-C3B0-46AA-A3B3-309A4939EC8F}



~~~ FireFox

Successfully deleted: [File] "C:\Users\Ornf\AppData\Roaming\mozilla\firefox\profiles\wc0zpky4.default\extensions\unitedronaldo@yahoo.com.xpi" 
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}"
Successfully deleted: [Folder] C:\Users\Ornf\AppData\Roaming\mozilla\firefox\profiles\wc0zpky4.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack
Successfully deleted: [Folder] C:\Users\Ornf\AppData\Roaming\mozilla\firefox\profiles\wc0zpky4.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Successfully deleted the following from C:\Users\Ornf\AppData\Roaming\mozilla\firefox\profiles\wc0zpky4.default\prefs.js

user_pref("extensions.crossrider.bic", "13a475ab61e40c4a92cc6a3725bd1f95");
Emptied folder: C:\Users\Ornf\AppData\Roaming\mozilla\firefox\profiles\wc0zpky4.default\minidumps [1851 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2013 at 18:55:33,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yup.

M-K-D-B · 28.05.2013, 18:41

Servus,

da wurde aber eine Menge weggeballert.

Sehr gut!

Ein AV solltest du deinstallieren.
Wir spüren noch die letzten Funde auf, damit wir sie anschließend entfernen können.

Schritt 1
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast:

Code:

ATTFilter

Microsoft Security Essentials
Avira

Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Programme deinstallieren / Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:

Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."

Schritt 2
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt 3
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*Savings Sidekick*
*babylon*
*bprotector*
*Search_Results*
*Browser Manager*
*DownTango*
*Crossrider*
*ChatZum*
*DataMngr*
*Softonic*
*SpeedBit*
*SearchQU*
*claro-search*

:folderfind
*Savings Sidekick*
*babylon*
*bprotector*
*Search_Results*
*Browser Manager*
*DownTango*
*Crossrider*
*ChatZum*
*DataMngr*
*Softonic*
*SpeedBit*
*SearchQU*
*claro-search*

:regfind
Savings Sidekick
babylon
bprotector
Search_Results
Browser Manager
DownTango
Crossrider
ChatZum
DataMngr
Softonic
SpeedBit
SearchQU
claro-search

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

eine Rückmeldung für welches AV Tool du dich entschieden hast,
die beiden Logdateien von OTL,
die Logdatei von SystemLook.

Ornf · 28.05.2013, 22:15

Ahoi,
also ich hab mich für Avira entschieden.

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 28.05.2013 21:56:13 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ornf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,81 Gb Available Physical Memory | 73,10% Memory free
15,89 Gb Paging File | 13,37 Gb Available in Paging File | 84,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 22,02 Gb Free Space | 11,01% Space Free | Partition Type: NTFS
Drive D: | 1663,01 Gb Total Space | 1359,60 Gb Free Space | 81,76% Space Free | Partition Type: NTFS
Drive E: | 631,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ORNF-PC | User Name: Ornf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0163C3F0-D4B9-4E55-9EBD-39C6997040A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C030F6C-094D-4DB8-A9DB-9C10146FBAFB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1D40F553-DD8D-40AD-B552-467521E2C1EA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1E703D69-8407-40AB-849B-DE4665B188C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24ABACBF-7785-49ED-87A0-AB1C323B7140}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E5A5C3A-5D3C-4BA0-A525-8DF92DCA9F41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3106258C-F32E-4412-8D94-7166911CB2F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{416423BB-4A54-4B70-98A3-75688CE1DF47}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{427E03BA-D63C-4656-8451-62A857E3EAE2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{42EE6166-2EFF-492C-A7D5-2875CF0E3FD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4DCF904C-B162-4AB9-873C-253C544E7C0C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{505208E6-8B2F-4C63-8257-4669B6707F6E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5E778703-319B-4F1F-ADBC-D9F1D453B73E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{643CF91B-E950-461B-9C24-39A5CD6078EA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{66418C4E-D328-4160-87BC-57F2B42EE803}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6E19108E-4E99-47E3-8586-FF810B08B765}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7271FEB6-A839-48FE-AF58-D117C2004B1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{780F104B-B78B-494C-9E0B-72F040FBE74B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{856E4C22-D59D-4A31-BCE8-958C6FAB8823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9ACEEE81-2670-453C-A5E6-320A5FAED842}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A07BE8D1-B625-455B-998B-5B56E0FB1D89}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AC4E68CE-AA54-4D85-998D-00F97FB7FBF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C4D49B55-0D94-4B92-A37A-B28FF8686DFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C6F49E8C-7CC2-4E5D-8609-B442BFDFF0E6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB076D3B-9F22-4F04-B725-0032E214FE1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D08400B5-3730-412D-8AE1-05982D7AA0F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D0950A29-E221-4A8D-9E49-A42768D3126F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D2D4D5AE-7FE6-4F47-AA7B-2D054B6CE07B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7FB55F8-550C-4AFC-9FB3-BDE430D042C0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{DC5D977E-7E24-4ED4-869B-584B27C07C81}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E7D99542-9EE2-46FF-B09B-708B6E01F609}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1BE23CD-03DD-409D-93DA-5D4512AE26AE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F8842E28-D1F6-4201-B288-1D172FE9D7D0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FCD79264-5427-43D3-B2D7-30A1CC0EEF70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003AA50-F34C-4473-94AE-B835A79944E8}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{01066559-E780-4AFB-9914-B525415CAF45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{01A73815-6175-480C-9EF7-D0D9F85E401F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{021729D1-C1B8-4745-AE76-7E3725368F16}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | 
"{024BDAA0-BABB-4FBF-B0C7-2FF02CAD4771}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{0390FACD-D8A3-429D-938D-28949EF9FB8F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | 
"{049418C5-802E-43C7-91A4-AC7A26E3F8C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{063BDADB-92A4-44A9-B6A1-6D64D02659E4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | 
"{074EE26D-784E-42FC-B564-346AA4015512}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{090D2A63-BC4E-47ED-93E3-84DBD58F463A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{0A203407-B333-4A16-B5B1-866054BCDFFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0A39A78E-A1DA-402C-A552-9578DE1ED72C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{0AF9B522-D3ED-47C8-B4BD-DC6DF4729FAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{0BEE6268-8074-413B-8C78-34A97DFB5B91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{0F311AEF-7795-4907-8036-A4D3CC1F8EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{112B196A-C081-4B62-BF4F-62A3500C934E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{19147B55-B96E-4804-8AA9-013AA0274D63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{1A0D5178-5F37-4292-95AC-42AA0586B196}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1F8A9BE6-20E3-4C22-9CDC-B69EA1A379E8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1F984151-ED4C-44D2-92B7-DA9AC7F9C683}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1FA7A6F2-A248-4917-9953-D6689D45BD6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{1FE3C641-5885-4883-9C96-807372232685}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{2089BD29-3D57-456F-AD63-52079A9878E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{22102F4C-66AD-4A2D-B501-197DFB394BB5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{252E349C-016A-495D-A049-B9F6C1CEFEC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{27D6A6C4-20D0-4F88-BD8D-B38550F896D3}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{28422CEA-E6DC-4866-ACD7-D4CAC49BE682}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe | 
"{2DB65EE2-487F-4D96-88F2-F7D8C452A708}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{302D1E72-53F5-4F08-A4A9-AE6D1D788180}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{306936F3-FC8A-447D-B375-4C91F3FEBCFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{32F13C31-B238-4BAC-86C4-B287C0E04FA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{3597618E-6573-4ADE-8999-4AC18BEAD1EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{38E2C922-C70E-4D8D-96FF-1A52B8F367C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arx fatalis\arx.exe | 
"{3BA10621-A6C5-45D4-BBFF-39775150FEB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{3D840B11-5D94-46CF-AEA8-45D2AD32A970}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{3E91EAB1-E462-4835-9879-52F8488D3635}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{3F83932F-2562-427B-8567-F3863A87CD6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{3FDC0639-9FAF-4431-AC3D-E11BB580FC90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arx fatalis\arx.exe | 
"{40CC8786-A3C8-4862-9324-59A74C65DADD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{4308C415-9CD9-40EE-BC64-1F49F8336980}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4537E243-3AD7-40D5-9398-F22ABFBCF3D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{4734BB14-E7EE-4EFF-B03D-FBEEFE374A0E}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{499E08AF-180A-4BFA-B9F9-5D36E27D3B4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{49EE888F-35CB-42E2-A472-EA4C482DB3C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{4DBD81D4-55A9-4C1A-AE7A-F36636602438}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{4EC3F088-0873-4C68-8959-06E8116AC126}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe | 
"{5326D1A4-BF42-4B7F-BFE6-D2AB88F1AB1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{5A1D999A-AED1-4A40-9FB9-F748470BE162}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{5A8C694D-7249-46CF-AD8F-2BFCED3BE950}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon.exe | 
"{5F06E50D-7005-413E-BB62-FD0A7144D468}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\garrysmod\hl2.exe | 
"{6015E9FB-AA22-41D1-AEF0-80FB56FEDF67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\garrysmod\hl2.exe | 
"{6144A3FB-DBEE-48DA-8217-D866C05AFB2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{62053463-610F-4E1D-9B15-5C868A3D6CB1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{644A7D8D-2FF0-4D71-86A7-A358DF07E330}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{685577AB-98A9-4AF8-9024-CE0A35158D2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\sourcesdk\bin\sdklauncher.exe | 
"{6D5567E8-2F36-43E6-8A79-67576A20252D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{6D562DA7-0245-4AC6-8CBC-86E89BC2D837}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe | 
"{6DD0D7C4-23F1-4A95-8873-8F6CD4B733DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{6FA332A2-72BC-4D92-8330-35A6657B3131}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arx fatalis\arx.exe | 
"{71E82813-AC6F-47DB-9E3A-D15C1F4ACDB5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{721DB0F1-2316-4A31-885D-301F5A32EB50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{769BEC3B-1744-4A6C-AEAE-39470D7D4895}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{787F4CFB-F19E-4D9D-A2B6-4AD974991299}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{792CB2C2-3478-44FB-916B-2370B8669153}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arx fatalis\arx.exe | 
"{7A5BC9F1-814E-4296-9BB7-E9EA92E24898}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe | 
"{7B387474-61E1-4B89-ABD8-D48117B854F2}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{7D281BF3-E3B7-4135-A45E-4903922703B7}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7DF384C4-5B1D-4275-8DE4-EC743B096019}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{7E0DB156-EB30-4D5D-9252-E82E33D096BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{7ECDE23F-4D31-42C1-B970-8B5F311B562A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\sourcesdk\bin\sdklauncher.exe | 
"{7F75DA40-CE12-4476-9FB1-1212682100EC}" = protocol=6 | dir=out | app=system | 
"{81CA0DB5-6E5D-4593-9541-5539580412B6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe | 
"{83B3F1F7-31A7-4E56-AEF6-09F3A30525E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{853F6ACA-3C54-4A4E-ABE5-78974AD094B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{867C4036-3D47-4BDB-AFB7-D6B034298996}" = protocol=17 | dir=in | app=c:\users\ornf\appdata\roaming\spotify\spotify.exe | 
"{86F300B3-1F49-40C3-B3B6-53FA37A0B75F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{884B890C-B521-4F9E-9483-7EFE3D0E4E93}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8A231D42-7395-4B12-A1A0-8336EF0E3857}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe | 
"{8ABC9064-5EBD-4231-86CB-C57D204C0430}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{8DE5CF22-7C06-4765-81DD-720BB017DE4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{8EBC46CB-8A26-4485-BC66-B29C5E393881}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\garrysmod\hl2.exe | 
"{8F24B2A3-3570-45BF-BD01-9B2C18DCB4EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{92572BCE-BF01-4FD7-BCFE-CDD22A16B21E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | 
"{93064471-AD2A-4D12-9695-0A203CB8A25F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{9418FAE0-A412-4F48-BA03-A324A9FDBC1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe | 
"{949BA90B-55F3-4707-B72B-F3720966ACF3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{95E50CB9-0A18-4E76-AEF5-99B5085B265E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9642E4ED-E342-42E3-8B2A-EEC3CEA3D0EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{969F6061-D572-4A40-8728-67DEB5B905C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{97A07EB0-D755-4D8F-B03C-4788133EED67}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{97BAE96F-9A69-4FA1-986B-DAA626F96310}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97DBD8F2-525F-4A13-B481-FF78A0B41D2E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C1102D2-E9CB-4371-9526-A8BA84FA4AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super house of dead ninjas\shodn.exe | 
"{9D52D932-73D9-4113-A857-CD5A60B46478}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9D83A41A-44E9-4245-B5D7-0CBFB7E8DEF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{A12D276A-9B48-420A-BF56-40F929478B13}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | 
"{A19B58B9-77C3-404B-ACAE-42AD62B0968C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A1D4F965-F53E-46EE-8347-91D32EB61468}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{A37CA007-6BB2-437A-9F57-BEC1729792FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A54DCA5C-9635-4B04-8100-CFFBEB116D0D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon.exe | 
"{A6A2413C-5D03-4CC0-BD2F-862CDF272C95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{A796E492-AEDC-41ED-901C-55BFF98BCE62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\sourcesdk\bin\sdklauncher.exe | 
"{A95EED48-4890-4F01-B519-8C5F676F8365}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{AC3EA8FF-4577-4C77-9061-5FD07D755489}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{AC7DC1AD-A2C9-42E6-A445-BBF1E9D3AB81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{ACA90D6D-331A-41BC-B36A-4D759130B90C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ACE3F913-EAB8-4ACC-A39B-311B92691EB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD5B7C7D-88A9-4C2A-9C6B-2BF2F710345E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{B0C73FE6-54D7-4E84-9C81-A7921FD7116B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | 
"{B237E034-97BC-45CC-830D-EF3FF98D79EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{B40B4D49-3EAD-4D77-858F-1F60CB485D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\sourcesdk\bin\sdklauncher.exe | 
"{B55E17A9-C55F-4526-8F58-AC5E310F89DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B8888E49-1AD4-4A93-B108-30AE580C157D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{BAB42B3B-24F6-4362-8DD6-EB96E7FC7E2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{BBFC36A0-52E1-4C9D-8462-441F48EF2B07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{BF2CA135-AB55-4789-9211-D0F0579D17EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C28EB1B1-2F15-4EF8-AAED-CCAFB097B9B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C54828A5-791B-403F-8998-7A542A1F37D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super house of dead ninjas\shodn.exe | 
"{C5817979-E0F9-45E6-B8B4-4AFA4477630E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\garrysmod\hl2.exe | 
"{CB2E90F9-71A6-4D14-900A-1FB57642B97F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CCA72091-B506-42E1-AA50-233707B1BEC7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D203D3E8-7605-4E65-A51B-B9D4D18F994B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{D3C79F26-E010-49A4-BAFF-98164224AB4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe | 
"{D6E09F63-1BD7-4BDF-ACC8-E6277994BF07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype\prototypef.exe | 
"{D7B8BB69-F118-44D3-9F16-362736E9A67B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D81D8326-914B-4990-B976-48B757619D48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{D9CFFDA9-03A3-4C16-8113-34AF4673A813}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{DEFB5E60-1231-4787-A71C-0DEE5A4413BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{DF297872-D377-4882-9C4F-592A61D1BF1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{E1B9EC8F-75D0-4858-A04A-FEEF7FB15094}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E32A71CB-F1DB-48F4-8E66-6317E8A56AD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{E617427C-B3A7-4322-A4B1-ADF5A7F57867}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{E6CAF221-6BCE-4350-AF8B-0C019386D4C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe | 
"{E9976C94-068A-4FF3-9EFF-0FFF1F98A0A8}" = protocol=17 | dir=in | app=c:\users\ornf\appdata\roaming\spotify\spotify.exe | 
"{EBEA2AA4-2C49-4536-9D93-B7A31843D4E4}" = protocol=6 | dir=in | app=c:\users\ornf\appdata\roaming\spotify\spotify.exe | 
"{F46F126E-1FAC-4D7D-A744-A1B649E133B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{F494A713-15AA-4DEA-9C0C-7422087A0837}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5B90B18-A5EA-41C2-854C-A8DA9FD74A58}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe | 
"{F68B2E29-D429-43D1-A851-36842F478475}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F6EE072E-81D8-44BB-8193-AFB27BFB51F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F72CB4EC-4ACF-4A15-9D4B-F1AB15CF3CAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{F82704D9-8F5D-4DFF-AB1C-404310C00F3A}" = protocol=6 | dir=in | app=c:\users\ornf\appdata\roaming\spotify\spotify.exe | 
"{F88208FF-973C-4DA5-9921-4A4672846968}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8C117C3-EBB7-43AB-B3FB-83BA0A1B3C80}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{FA0A074B-D673-49E6-8D3F-676FD365098B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF0C4898-FA78-443C-B1FA-B22A41C96772}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"TCP Query User{143F3C3D-04C3-4816-8241-67CBBAD09AF0}D:\program files (x86)\warcraft iii crack\yawle.exe" = protocol=6 | dir=in | app=d:\program files (x86)\warcraft iii crack\yawle.exe | 
"TCP Query User{16639771-5C72-43C5-B4DF-6F02B7B2450A}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"TCP Query User{197F6BE8-62F8-47AF-BBE5-8FB4DFBEE483}D:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"TCP Query User{1FEB5C49-A778-4FD6-B4A5-C8E3765952E1}D:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\counter-strike source\hl2.exe | 
"TCP Query User{29B8309F-ACBC-4288-913F-B93A0F48FC65}D:\program files (x86)\steam\steamapps\common\team fortress 2 beta\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\team fortress 2 beta\hl2.exe | 
"TCP Query User{36FD0A9B-D00E-4465-8DB3-FB2725540DBA}D:\program files (x86)\counterstrike\hl.exe" = protocol=6 | dir=in | app=d:\program files (x86)\counterstrike\hl.exe | 
"TCP Query User{63537931-112A-4ADC-9021-33BFE2E76D27}C:\program files (x86)\steam\steamapps\pikaup\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\team fortress 2\hl2.exe | 
"TCP Query User{66242C42-69AD-4739-9274-DCED456C3037}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"TCP Query User{66D0F42F-B2CE-4452-97E2-923FA34EC7C1}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{6DE4C5D1-1F08-4C64-A952-08C66568C21E}C:\users\ornf\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=c:\users\ornf\halo custom edition\haloce.exe | 
"TCP Query User{6FEFE6CA-0AF4-498F-8FDB-76E2116A8488}D:\program files (x86)\unreal tournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=d:\program files (x86)\unreal tournament\system\unrealtournament.exe | 
"TCP Query User{7925FD9A-7BAF-4D68-8C8C-9D55C05F2CC3}C:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"TCP Query User{81120938-DF12-450D-8384-BC1767B22E0D}D:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | 
"TCP Query User{8FC4632C-DF5B-4954-8827-6405BD25120D}F:\warcraft iii crack\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii crack\war3.exe | 
"TCP Query User{A70C2011-A95F-40F3-AD78-21981F7E1D2E}D:\program files (x86)\warcraft iii crack\war3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\warcraft iii crack\war3.exe | 
"TCP Query User{BC4CCB0F-0050-454F-A071-37637DA43585}D:\program files (x86)\steam\steamapps\common\loadout\loadout.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\loadout\loadout.exe | 
"TCP Query User{C88ED0B1-89D1-46A1-BF0D-79CDA80F9FEC}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{CADCA6E3-6AD5-4FB6-9353-A03B61D2463C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{CF449ACF-67EF-433F-83C9-D5B0B3BF5379}D:\program files (x86)\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\program files (x86)\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{D2A4C561-0A7D-4D1C-B542-CFC930C25EB2}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{D9A2303C-AD07-46A6-8CA4-9D2B985C4F86}D:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"TCP Query User{E9C21F4E-5D31-49A1-B9DA-70942B779C07}C:\program files (x86)\steam\steamapps\stammen98\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\stammen98\team fortress 2\hl2.exe | 
"TCP Query User{EA98269D-D7AD-4126-91A5-BE13082A08F9}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"TCP Query User{F20558BC-A0EA-4FE8-9879-FF093F60D791}C:\program files (x86)\duty calls\binaries\win32\dutycalls.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duty calls\binaries\win32\dutycalls.exe | 
"TCP Query User{F4C0348B-9738-440D-B4DA-35B9F14FFC48}D:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"TCP Query User{F68E9D64-686D-4663-9F26-C0E316AB708E}D:\program files (x86)\runensammeln\system\rune.exe" = protocol=6 | dir=in | app=d:\program files (x86)\runensammeln\system\rune.exe | 
"UDP Query User{218AC77A-BCB0-4AA9-8E47-00567BC4B961}C:\program files (x86)\steam\steamapps\stammen98\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\stammen98\team fortress 2\hl2.exe | 
"UDP Query User{2224DA88-87DC-424C-80B4-1A3C5FD9DF7C}D:\program files (x86)\counterstrike\hl.exe" = protocol=17 | dir=in | app=d:\program files (x86)\counterstrike\hl.exe | 
"UDP Query User{224AC1A5-E40E-4AED-91BE-0C3B32F4F48F}C:\users\ornf\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=c:\users\ornf\halo custom edition\haloce.exe | 
"UDP Query User{4267D6C8-B860-4390-8560-ECF4706B4818}D:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\counter-strike source\hl2.exe | 
"UDP Query User{4D19B16D-3053-4C1C-BEB6-04CEABB1838C}C:\program files (x86)\steam\steamapps\pikaup\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pikaup\team fortress 2\hl2.exe | 
"UDP Query User{4F9A63A5-2DDC-41A8-9F56-978965D4E2A1}C:\program files (x86)\duty calls\binaries\win32\dutycalls.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duty calls\binaries\win32\dutycalls.exe | 
"UDP Query User{59BCBAE7-1510-4CD1-BF74-83386487FD18}D:\program files (x86)\steam\steamapps\common\team fortress 2 beta\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\team fortress 2 beta\hl2.exe | 
"UDP Query User{5B8635BC-ADF1-45CB-AF0C-9B65FB3ABE4A}D:\program files (x86)\runensammeln\system\rune.exe" = protocol=17 | dir=in | app=d:\program files (x86)\runensammeln\system\rune.exe | 
"UDP Query User{5D6ECBAD-8730-4F29-891C-E5FD4752C1E5}D:\program files (x86)\warcraft iii crack\war3.exe" = protocol=17 | dir=in | app=d:\program files (x86)\warcraft iii crack\war3.exe | 
"UDP Query User{60E3D40A-7B43-4DD2-87CC-B648631B8237}D:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | 
"UDP Query User{6740EC8E-03BE-458F-A507-8CDD9756EFA1}F:\warcraft iii crack\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii crack\war3.exe | 
"UDP Query User{6AF180C8-303C-401D-8F50-8D7AA4988308}D:\program files (x86)\unreal tournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=d:\program files (x86)\unreal tournament\system\unrealtournament.exe | 
"UDP Query User{8485B005-93C2-4C0B-B92F-1D501D522C74}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"UDP Query User{8B61DDAC-52D1-4644-9527-A29B6CDCD679}D:\program files (x86)\steam\steamapps\common\loadout\loadout.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\loadout\loadout.exe | 
"UDP Query User{8E2881D3-01D6-451C-B3D0-EE422CA18432}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"UDP Query User{950DEC89-599D-4C68-8521-C1C6A80D96A9}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{9589D84C-4D2A-40A2-80B8-18135AFAC07D}D:\program files (x86)\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\program files (x86)\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{9CA0EF7C-A304-45F4-AC71-B8607683885C}C:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"UDP Query User{A0941577-64C1-4617-A811-FFE481C6AEF5}D:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"UDP Query User{A3D29BF4-426D-4F4D-84E2-CE79B978E250}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{B46DED93-8727-4196-836B-C9C535AB659A}D:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"UDP Query User{DC713805-874A-4B0F-9870-A747B89CFAC4}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{E6C4CD79-110A-4129-8448-8E949E40817F}D:\program files (x86)\warcraft iii crack\yawle.exe" = protocol=17 | dir=in | app=d:\program files (x86)\warcraft iii crack\yawle.exe | 
"UDP Query User{EAAC0517-91D1-421F-B7F1-0B34490CDA04}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{EDA6EB5F-8F66-49AE-91AA-6532C96A78D8}D:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"UDP Query User{FF847AAC-3C4B-4881-9B56-C3E9ECDD6DD4}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"GIMP-2_is1" = GIMP 2.8.4
"LAGARITH" = Lagarith lossless video codec (Remove Only)
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PerformanceTest 8_is1" = PerformanceTest v8.0
"sp6" = Logitech SetPoint 6.32
"Speccy" = Speccy
"UDK-ee04c4a8-f2a1-47b0-9c17-10a903eefbcc" = My Game Long Name
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.6
"{25D56EF8-ED54-41F2-B3AB-C62F76A54E1E}" = KCService.de Fernwartung
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C047BD9-6E24-4728-9C46-0AE4814997CF}" = DayZ Commander
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D938EC0-26C8-4926-B082-64BABE34EB84}" = MorphVOX Pro
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EB3C9064-9140-4279-9E51-965119402151}" = Plantronics® GameCom 780 Software for Dolby® Headphone
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Activision(R)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Clownfish" = Clownfish for Skype
"ESN Sonar-0.70.4" = ESN Sonar
"Fake Voice_is1" = Fake Voice 2.0.0
"FakeVoice7_is1" = Fake Voice 7.0
"Free Audio Converter_is1" = Free Audio Converter version 5.0.24.422
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.422
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"GoldWave v5.54" = GoldWave v5.54
"GoldWave v5.68" = GoldWave v5.68
"InstallShield_{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Drum Controller Standard Tuning Kit
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PCSafeDoctor_is1" = PCSafeDoctor
"PunkBusterSvc" = PunkBuster Services
"Steam App 10150" = Prototype
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding of Isaac
"Steam App 11450" = Overlord
"Steam App 1700" = Arx Fatalis
"Steam App 200210" = Realm of the Mad God
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 203730" = Q.U.B.E.
"Steam App 205100" = Dishonored
"Steam App 208090" = Loadout
"Steam App 209870" = Blacklight: Retribution
"Steam App 211" = Source SDK
"Steam App 212800" = Super Crate Box
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 214790" = The Basement Collection
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 220240" = Far Cry® 3
"Steam App 224540" = Ace of Spades
"Steam App 224820" = Super House of Dead Ninjas
"Steam App 227580" = 10,000,000
"Steam App 233270" = Far Cry® 3 Blood Dragon
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 4000" = Garry's Mod
"Steam App 40800" = Super Meat Boy
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 520" = Team Fortress 2 Beta
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 7670" = BioShock
"Tunngle beta_is1" = Tunngle beta
"Uplay" = Uplay
"Winamp" = Winamp
"Winamp PowerPlayer" = PowerPlayer II
"WinLiveSuite" = Windows Live Essentials
"Yawle_0.3b" = YAWLE 0.5b
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
< End of report >

SystemLook.txt

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 22:15 on 28/05/2013 by Ornf
Administrator - Elevation successful

========== filefind ==========

Searching for "*Savings Sidekick*"
No files found.

Searching for "*babylon*"
C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo\maps\ar_babylon_b1.bsp	--a---- 10140052 bytes	[14:15 14/09/2012]	[14:15 14/09/2012] 61F26834A54C91EF27861BC38EB63917
C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo\maps\ar_babylon_b1.nav	--a---- 478579 bytes	[14:15 14/09/2012]	[14:15 14/09/2012] 96454C1CBE319C0EFA55209C5E70AE1B
C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo\resource\overviews\ar_babylon_b1.txt	--a---- 109 bytes	[14:15 14/09/2012]	[14:15 14/09/2012] 035335FAE75D78180D76B04021822B74
C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo\resource\overviews\ar_babylon_b1_radar.dds	--a---- 524416 bytes	[14:15 14/09/2012]	[14:15 14/09/2012] 6F64DC7F34E1FAFB8BB253237A6138B5
C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\stahlregen + geiss + shifter - babylon.milk	--a---- 26473 bytes	[20:18 28/04/2009]	[20:18 28/04/2009] FD56279AD850D3AA87454766302DACF1

Searching for "*bprotector*"
No files found.

Searching for "*Search_Results*"
No files found.

Searching for "*Browser Manager*"
C:\Windows\System32\Tasks\Browser Manager	--a---- 3434 bytes	[16:14 28/05/2013]	[16:14 28/05/2013] 62C1920AA05CF16742C6302836F725D1

Searching for "*DownTango*"
C:\Users\Ornf\Desktop\* * *\DownTango_Avenged_Sevenfold_-_A_Little_Piece_Of_Heaven.exe	--a---- 693880 bytes	[17:47 02/02/2013]	[17:47 02/02/2013] 03D8E2964EA34DE32C6068FFD0DADF25

Searching for "*Crossrider*"
No files found.

Searching for "*ChatZum*"
No files found.

Searching for "*DataMngr*"
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll.vir	--a---- 1723320 bytes	[21:21 07/09/2012]	[11:21 02/09/2012] 701DE10A1390D1D67B3432491867B2B1
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe.vir	--a---- 1890744 bytes	[21:21 07/09/2012]	[11:21 02/09/2012] 1B34BB332729A9B288DA14CE5EA5149F
C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-DATAMNGR.reg.dat	--a---- 153 bytes	[16:11 28/05/2013]	[16:11 28/05/2013] 5516EDD1B7A797BA8C0B968211693E30

Searching for "*Softonic*"
C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_fake-voice.exe	--a---- 373440 bytes	[20:18 09/10/2012]	[20:18 09/10/2012] 66C98963DAE792535F377AC8653D8B3F
C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_morphvox.exe	--a---- 373432 bytes	[20:11 09/10/2012]	[20:11 09/10/2012] A5D46CF758714CA4F8AFAC3BF2EEFF74

Searching for "*SpeedBit*"
No files found.

Searching for "*SearchQU*"
No files found.

Searching for "*claro-search*"
No files found.

========== folderfind ==========

Searching for "*Savings Sidekick*"
C:\Qoobox\Quarantine\C\Users\Ornf\AppData\Local\Savings Sidekick	d------	[18:53 26/05/2013]

Searching for "*babylon*"
No folders found.

Searching for "*bprotector*"
No folders found.

Searching for "*Search_Results*"
No folders found.

Searching for "*Browser Manager*"
No folders found.

Searching for "*DownTango*"
No folders found.

Searching for "*Crossrider*"
No folders found.

Searching for "*ChatZum*"
No folders found.

Searching for "*DataMngr*"
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr	d------	[18:52 26/05/2013]

Searching for "*Softonic*"
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.en.softonic.com	d------	[15:55 26/11/2012]
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.softonic.de	d------	[20:12 09/10/2012]
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.en.softonic.com	d------	[15:55 26/11/2012]
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.softonic.de	d------	[20:12 09/10/2012]

Searching for "*SpeedBit*"
C:\Program Files\Common Files\SpeedBit	d------	[17:38 13/04/2013]
C:\Users\Public\Documents\Speedbit	d------	[17:38 13/04/2013]

Searching for "*SearchQU*"
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar	d------	[18:52 26/05/2013]

Searching for "*claro-search*"
No folders found.

========== regfind ==========

Searching for "Savings Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}]
"AppName"="Savings Sidekick-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}]
"AppPath"="C:\Program Files (x86)\Savings Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASMANCS]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Clownfish]
"BabylonFrom"="32940"
[HKEY_CURRENT_USER\Software\Clownfish]
"BabylonTo"="32971"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Clownfish]
"BabylonFrom"="32940"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Clownfish]
"BabylonTo"="32971"

Searching for "bprotector"
No data found.

Searching for "Search_Results"
No data found.

Searching for "Browser Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC886710-9DF8-4920-872A-1C68C9CC20A1}]
"Path"="\Browser Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager]

Searching for "DownTango"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Red Sky\DownTango]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Red Sky\DownTango]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Red Sky\DownTango]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTango_Avenged_Sevenfold_-_A_Little_Piece_Of_Heaven_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTango_Avenged_Sevenfold_-_A_Little_Piece_Of_Heaven_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\Uninstall\DownTango]
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Red Sky\DownTango]
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Red Sky\DownTango]
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Red Sky\DownTango]

Searching for "Crossrider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}]
@="ICrossriderBHO"

Searching for "ChatZum"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840239527-1524616062-737289275-1001\Software\TBSB09850\Toolbar]
"toolbar_name"="ChatZum Toolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840239527-1524616062-737289275-1001\Software\TBSB09850\Toolbar]
"UsedSearchProvidersURLs"="hxxp://search.chatzum.com/?q={SearchTerms}
"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840239527-1524616062-737289275-1001\Software\TBSB09850\Toolbar]
"AutoSearch"="hxxp://utils.chatzum.com/?url=%s"
[HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1000\Software\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1000_Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840239527-1524616062-737289275-1001\Software\TBSB09850\Toolbar]
"toolbar_name"="ChatZum Toolbar"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840239527-1524616062-737289275-1001\Software\TBSB09850\Toolbar]
"UsedSearchProvidersURLs"="hxxp://search.chatzum.com/?q={SearchTerms}
"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840239527-1524616062-737289275-1001\Software\TBSB09850\Toolbar]
"AutoSearch"="hxxp://utils.chatzum.com/?url=%s"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001_Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"

Searching for "DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3FAD1C1-195B-4CE1-8EF7-A141CEF029F7}]
"AppPath"="C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFA7C94C-6761-408C-95EF-92EB92402C22}]
"AppPath"="C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003AA50-F34C-4473-94AE-B835A79944E8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8ABC9064-5EBD-4231-86CB-C57D204C0430}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003AA50-F34C-4473-94AE-B835A79944E8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8ABC9064-5EBD-4231-86CB-C57D204C0430}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003AA50-F34C-4473-94AE-B835A79944E8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8ABC9064-5EBD-4231-86CB-C57D204C0430}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"

Searching for "Softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\defb8363_0]
@="{0.0.0.00000000}.{fc38f6ba-2c06-40fb-a359-5b3c8ae2d13d}|\Device\HarddiskVolume1\Users\Ornf\Desktop\SoftonicDownloader_fuer_morphvox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ed0e85ba_0]
@="{0.0.0.00000000}.{fc38f6ba-2c06-40fb-a359-5b3c8ae2d13d}|\Device\HarddiskVolume1\Users\Ornf\Desktop\SoftonicDownloader_fuer_fake-voice.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dmg-extractor_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dmg-extractor_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS]
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\defb8363_0]
@="{0.0.0.00000000}.{fc38f6ba-2c06-40fb-a359-5b3c8ae2d13d}|\Device\HarddiskVolume1\Users\Ornf\Desktop\SoftonicDownloader_fuer_morphvox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ed0e85ba_0]
@="{0.0.0.00000000}.{fc38f6ba-2c06-40fb-a359-5b3c8ae2d13d}|\Device\HarddiskVolume1\Users\Ornf\Desktop\SoftonicDownloader_fuer_fake-voice.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "SpeedBit"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpeedBit Video Accelerator]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SBUPDD\0000]
"DeviceDesc"="SpeedBit UpdateD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SBUpd]
"ImagePath"="C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SBUpd]
"DisplayName"="SpeedBit Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SBUpdd]
"ImagePath"="\??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SBUpdd]
"DisplayName"="SpeedBit UpdateD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SBUPDD\0000]
"DeviceDesc"="SpeedBit UpdateD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SBUpd]
"ImagePath"="C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SBUpd]
"DisplayName"="SpeedBit Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SBUpdd]
"ImagePath"="\??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SBUpdd]
"DisplayName"="SpeedBit UpdateD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SBUPDD\0000]
"DeviceDesc"="SpeedBit UpdateD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBUpd]
"ImagePath"="C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBUpd]
"DisplayName"="SpeedBit Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBUpdd]
"ImagePath"="\??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBUpdd]
"DisplayName"="SpeedBit UpdateD"
[HKEY_USERS\.DEFAULT\Software\SpeedBit]
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1000\Software\SpeedBit]
[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpeedBit Video Accelerator]
[HKEY_USERS\S-1-5-18\Software\SpeedBit]

Searching for "SearchQU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003AA50-F34C-4473-94AE-B835A79944E8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8ABC9064-5EBD-4231-86CB-C57D204C0430}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003AA50-F34C-4473-94AE-B835A79944E8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8ABC9064-5EBD-4231-86CB-C57D204C0430}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003AA50-F34C-4473-94AE-B835A79944E8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8ABC9064-5EBD-4231-86CB-C57D204C0430}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"

Searching for "claro-search"
No data found.

-= EOF =-

OTL.txt wäre zu lang geworden also musste ich es als Anhang reinstellen

M-K-D-B · 28.05.2013, 22:34

Servus,

wir entfernen jetzt noch die letzten Reste und kontrollieren nochmal alles.

Finger weg von Softonic, damit handelst du dir nur lauter Müll ein!

Zitat:

C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_fake-voice.exe
C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_morphvox.exe

Ggf. musst du unkenntlich gemachte Namen (***) durch den richtigen Namen ersetzen, sonst wird der OTL-Fix nicht funktionieren!

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
SRV:64bit: - [2013.02.27 15:22:04 | 001,097,848 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe -- (SBUpd)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ornf\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ornf\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found

:files
C:\Windows\System32\Tasks\Browser Manager
C:\Program Files\Common Files\SpeedBit
C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_fake-voice.exe
C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_morphvox.exe
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.en.softonic.com
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.softonic.de
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.en.softonic.com
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.softonic.de
C:\Program Files\Common Files\SpeedBit
C:\Users\Public\Documents\Speedbit

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASMANCS]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Red Sky\DownTango]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTango_Avenged_Sevenfold_-_A_Little_Piece_Of_Heaven_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTango_Avenged_Sevenfold_-_A_Little_Piece_Of_Heaven_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\Uninstall\DownTango]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840239527-1524616062-737289275-1001\Software\TBSB09850]

[HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="www.google.de"

[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="www.google.de"

[HKEY_USERS\S-1-5-21-1840239527-1524616062-737289275-1000\Software\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="www.google.de"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3FAD1C1-195B-4CE1-8EF7-A141CEF029F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFA7C94C-6761-408C-95EF-92EB92402C22}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003AA50-F34C-4473-94AE-B835A79944E8}"=-
"{8ABC9064-5EBD-4231-86CB-C57D204C0430}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dmg-extractor_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dmg-extractor_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit]
[-HKEY_USERS\.DEFAULT\Software\SpeedBit]

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Ornf · 29.05.2013, 17:37

Hey,
Also OTL.exe hat bei mir schon ziemlich früh aufgehört zu arbeiten und im Fenster stand "keine Rückmeldung". Mir war klar dass das oft normal bei solchen Programmen ist, also hab ich gewartet, ca. 1 Stunde lang. Ich dachte das wäre ein Fehler weil von sehr langer Wartezeit hier nicht die Rede war, also beendete ich das Programm und startete den PC neu, da Firefox nicht mehr laden wollte.

M-K-D-B · 29.05.2013, 20:29

Servus,

versuch diesen Fix mit OTL bitte:

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
SRV:64bit: - [2013.02.27 15:22:04 | 001,097,848 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe -- (SBUpd)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ornf\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ornf\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found

:files
C:\Windows\System32\Tasks\Browser Manager
C:\Program Files\Common Files\SpeedBit
C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_fake-voice.exe
C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_morphvox.exe
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.en.softonic.com
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.softonic.de
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.en.softonic.com
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.softonic.de
C:\Program Files\Common Files\SpeedBit
C:\Users\Public\Documents\Speedbit

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASMANCS]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Red Sky\DownTango]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTango_Avenged_Sevenfold_-_A_Little_Piece_Of_Heaven_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTango_Avenged_Sevenfold_-_A_Little_Piece_Of_Heaven_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\Uninstall\DownTango]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840239527-1524616062-737289275-1001\Software\TBSB09850]

[HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="www.google.de"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3FAD1C1-195B-4CE1-8EF7-A141CEF029F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFA7C94C-6761-408C-95EF-92EB92402C22}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003AA50-F34C-4473-94AE-B835A79944E8}"=-
"{8ABC9064-5EBD-4231-86CB-C57D204C0430}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dmg-extractor_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dmg-extractor_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit]
[-HKEY_USERS\.DEFAULT\Software\SpeedBit]

:Commands
[reboot]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

M-K-D-B · 03.06.2013, 15:25

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

Ornf · 13.06.2013, 21:23

Halloooooo?

M-K-D-B · 15.06.2013, 13:30

Wie sieht es aus?

Ornf · 15.06.2013, 20:22

Hallo,

Danke erst mal dass du meine Entschuldigung angenommen hast

,
aber es gab scheinbar wirklich ein Problem. Bei mir ist nie ein OTL-Fix angekommen.

EDIT: Oh Gott ich bin so strohdoof, ich habe nicht gesehen das es auf der zweiten Seite weiter ging, das ist mir grade eben erst aufgefallen

Beachte das oben geschriebene einfach nicht xD

Nochmal EDIT: Ich hätte schon beim ersten Mal die Logatei mit dem Fix hier reinstellen sollen, aber es ist spät und ich bin müde

Code:

ATTFilter

========== OTL ==========
Service SBUpd stopped successfully!
Service SBUpd deleted successfully!
C:\Programme\Common Files\SpeedBit\SBUpdate\sbu.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
========== FILES ==========
File\Folder C:\Windows\System32\Tasks\Browser Manager not found.
C:\Program Files\Common Files\SpeedBit\SBUpdate folder moved successfully.
C:\Program Files\Common Files\SpeedBit folder moved successfully.
File\Folder C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_fake-voice.exe not found.
File\Folder C:\Users\Ornf\Desktop\* * *\SoftonicDownloader_fuer_morphvox.exe not found.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.en.softonic.com\shared\flash\rs\storage.swf folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.en.softonic.com\shared\flash\rs folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.en.softonic.com\shared\flash folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.en.softonic.com\shared folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.en.softonic.com folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.softonic.de\shared\flash\rs\storage.swf folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.softonic.de\shared\flash\rs folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.softonic.de\shared\flash folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.softonic.de\shared folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GMQH7PN7\static.softonic.de folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.en.softonic.com folder moved successfully.
C:\Users\Ornf\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.softonic.de folder moved successfully.
File\Folder C:\Program Files\Common Files\SpeedBit not found.
C:\Users\Public\Documents\Speedbit folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21111111-1111-1111-1111-110011501160}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASMANCS\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Red Sky\DownTango\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTango_Avenged_Sevenfold_-_A_Little_Piece_Of_Heaven_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DownTango_Avenged_Sevenfold_-_A_Little_Piece_Of_Heaven_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\Uninstall\DownTango\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55555555-5555-5555-5555-550055505560}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1840239527-1524616062-737289275-1001\Software\TBSB09850\ deleted successfully.
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"www.google.de" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3FAD1C1-195B-4CE1-8EF7-A141CEF029F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3FAD1C1-195B-4CE1-8EF7-A141CEF029F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFA7C94C-6761-408C-95EF-92EB92402C22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFA7C94C-6761-408C-95EF-92EB92402C22}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0003AA50-F34C-4473-94AE-B835A79944E8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0003AA50-F34C-4473-94AE-B835A79944E8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8ABC9064-5EBD-4231-86CB-C57D204C0430} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ABC9064-5EBD-4231-86CB-C57D204C0430}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dmg-extractor_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dmg-extractor_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fake-voice_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\SpeedBit\ deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 06152013_213437

28.05.2013, 16:04	#5
M-K-D-B /// TB-Ausbilder	Exploit:Java/CVE-2013-0431 und co. Funde von MCE Servus, Starte deinen Rechner nach dieser Anleitung im abgesicherten Modus mit Netzwerktreibern, benenne die ComboFix.exe in NoMBR.exe um und führe ComboFix im abgesicherten Modus nochmal aus. Anschließend gehts weiter mit AdwCleaner und JRT (beide im normalen Modus ausführen).

15.06.2013, 13:30	#14
M-K-D-B /// TB-Ausbilder	Exploit:Java/CVE-2013-0431 und co. Funde von MCE Wie sieht es aus?

Exploit:Java/CVE-2013-0431 und co. Funde von MCE

Log-Analyse und Auswertung: Exploit:Java/CVE-2013-0431 und co. Funde von MCE