
Pests of All Kinds and How to Combat Them: Trojan: Gesellschaft zur Verfügung von Urheberrechtsverletzungen

05.07.2013, 13:53   #1
QTaran
 
Trojan: Gesellschaft zur Verfügung von Urheberrechtsverletzungen



Hello everyone,

I too fell victim to the above-mentioned trojan today and have already set about removing it myself. But I am sure I could still use some help.

Steps I have carried out:

(Following this guide: hxxp://www.chip.de/bildergalerie/GVU-BKA-GEMA-So-entfernen-Sie-den-Trojaner-von-Ihrem-System-Galerie_54218633.html )

1. Booted into safe mode.
2. Deleted the installed .exe from drive C that was created at the time of the message.
3. In the registry under "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\", in Run, RunOnce and RunServices, removed the entries that looked suspicious to me.
4. In the registry under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\", in Run, RunOnce, RunOnceEx, RunServices and RunServicesOnce, removed the entries that looked suspicious to me.
5. After that, because of a forum post I found (hxxp://forum.botfrei.de/showthread.php?1353-Trickbetr%FCgertrojaner/page5 ), I used OTL and got the following log files:

OTL:
Code:
OTL logfile created on: 05.07.2013 10:32:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gerald\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,23 Gb Available Physical Memory | 80,94% Memory free
7,99 Gb Paging File | 7,38 Gb Available in Paging File | 92,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 172,09 Gb Free Space | 60,11% Space Free | Partition Type: NTFS
Drive F: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,96% Space Free | Partition Type: FAT
 
Computer Name: GERALD-PC | User Name: Gerald | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gerald\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (M4-Service) -- C:\Users\Gerald\AppData\Roaming\Mikogo 4\M4-Service.exe ()
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c8452f08000000000000001e64285659&tlver=1.4.19.19&affID=17159
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110a916l03h8z195t5861y585
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c8452f08000000000000001e64285659&tlver=1.4.19.19&affID=17159
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE362DE360
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=c8452f08000000000000001e64285659&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gerald\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gerald\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.08 20:53:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 19:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.16 11:06:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 19:54:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.16 11:06:54 | 000,000,000 | ---D | M]
 
[2010.01.02 21:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerald\AppData\Roaming\mozilla\Extensions
[2012.12.31 02:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerald\AppData\Roaming\mozilla\Firefox\Profiles\9ookqa5j.default\extensions
[2012.11.06 18:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\9ookqa5j.default\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2012.12.31 02:49:15 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\9ookqa5j.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.12.22 12:59:59 | 000,003,998 | ---- | M] () -- C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\9ookqa5j.default\searchplugins\sweetim.xml
[2012.07.22 08:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.15 18:00:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.22 08:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.08 20:53:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.08.20 19:54:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 22:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.16 13:13:56 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.28 22:27:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.28 22:27:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.28 22:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.28 22:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.28 22:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gerald\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gerald\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gerald\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-922718223-3276015125-4167937139-1000..\Run: [Mikogo] C:\Users\Gerald\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-21-922718223-3276015125-4167937139-1000..\Run: [Xaasixqyc] C:\Users\Gerald\AppData\Roaming\Yfrav\byuqu.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1987E5E6-3E90-417D-B386-66551B52179E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3FEB77-5F62-46F7-A218-E9295E362423}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42b62e15-9508-11e1-95d9-00262d655bdb}\Shell - "" = AutoRun
O33 - MountPoints2\{42b62e15-9508-11e1-95d9-00262d655bdb}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{42b62e15-9508-11e1-95d9-00262d655bdb}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{42b62e15-9508-11e1-95d9-00262d655bdb}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.05 10:32:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gerald\Desktop\OTL.exe
[2013.07.05 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{D62616A5-6EA3-49B2-9DFC-E56C5C99BCE9}
[2013.07.05 08:51:44 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Roaming\Omsou
[2013.07.05 08:51:44 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Roaming\Nyul
[2013.07.05 08:12:25 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{7631A863-8E26-4976-909F-4DDA05E46247}
[2013.07.03 12:25:26 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{82FBFF27-17BF-4482-A71B-737E6F6E088D}
[2013.07.02 18:21:41 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{D8BFB6D3-4928-4E6D-8BE3-35F2037439AA}
[2013.07.01 18:26:37 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{A98ABC25-4180-41E5-B4D9-0FD4C94B6DC8}
[2013.06.26 17:21:48 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{4A87503D-4693-4099-891F-EFE020842D33}
[2013.06.25 18:18:13 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{2026B3DF-0C48-48E9-B1A9-EAC24C6CBA46}
[2013.06.25 02:33:23 | 000,000,000 | ---D | C] -- C:\Users\Gerald\Documents\Mikogo4
[2013.06.25 01:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.06.24 08:14:02 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{3B5D3704-1CCB-4F58-ADFC-ED7A31AAA8A5}
[2013.06.23 17:21:41 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{442A2045-1D2E-42AC-BCB5-C4DDF22D62E7}
[2013.06.23 15:07:12 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{0975DB36-AD4F-46B1-A5A5-F56C898ABC34}
[2013.06.21 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{A95C9567-8ED9-4A40-9EC3-546CC9C0EDD8}
[2013.06.20 11:37:31 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{05C0063C-9B35-4631-8252-9A69F39C63C7}
[2013.06.17 13:47:08 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{4670ECE8-698E-4556-9317-03AF3CE14259}
[2013.06.16 12:45:03 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{800FECA9-C8C0-43DE-AC6E-4B02ED29BC04}
[2013.06.15 17:28:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 17:28:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.15 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{CAD724A5-B052-49C9-A70F-F27A6889F444}
[2013.06.14 08:32:29 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{3DEB90E7-6F2B-4A09-B3D7-6C921ED75E97}
[2013.06.13 10:48:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.13 10:48:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.13 10:48:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.13 10:48:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.13 10:48:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.13 10:48:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.13 10:48:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.13 10:48:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.13 10:48:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.13 10:48:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.13 10:48:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.13 10:48:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.13 10:48:12 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.13 10:42:47 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{E99304FD-7D81-408A-B2EF-BCBD12F58487}
[2013.06.12 17:44:31 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 17:44:31 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 17:44:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 17:44:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 17:44:23 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 17:44:20 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 17:44:20 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 17:44:20 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 17:44:20 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 17:44:20 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 17:44:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 17:44:14 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 17:44:14 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.12 17:27:14 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{C463F621-BF17-4B6E-908B-62504AF65984}
[2013.06.11 11:08:41 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{C42DB6B1-1D2C-4658-BD10-3BAAA730430E}
[2013.06.10 16:52:47 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{F6CAEF3C-BB98-4386-BCDE-6A0F105C3A2E}
[2013.06.09 12:49:51 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{E195EC8F-80C9-4D37-9175-72034257861F}
[2013.06.07 02:38:57 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{1AF1F9EC-842F-4523-A86F-8F7A52909B91}
[2013.06.06 07:05:43 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Local\{BB8EFF8A-5952-4B63-B9F9-9B5D402EDDDC}
[2009.10.29 07:58:47 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.05 10:14:25 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.05 10:14:25 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.05 10:14:25 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.05 10:14:25 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.05 10:14:25 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.05 10:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.05 10:11:40 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.05 10:10:11 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 10:10:11 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 10:08:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gerald\Desktop\OTL.exe
[2013.07.05 10:03:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.05 08:51:47 | 001,084,727 | ---- | M] () -- C:\Users\Gerald\AppData\Local\2433f433
[2013.07.05 08:51:47 | 001,084,710 | ---- | M] () -- C:\Users\Gerald\AppData\Roaming\2433f433
[2013.07.05 08:51:47 | 001,084,656 | ---- | M] () -- C:\ProgramData\2433f433
[2013.06.25 02:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.25 02:52:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.25 02:33:22 | 000,000,954 | ---- | M] () -- C:\Users\Gerald\Desktop\Mikogo 4.lnk
[2013.06.25 02:12:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-922718223-3276015125-4167937139-1000UA.job
[2013.06.24 22:12:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-922718223-3276015125-4167937139-1000Core.job
[2013.06.17 15:31:46 | 000,000,500 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Gerald.job
[2013.06.12 17:56:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 17:56:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2013.07.05 08:51:47 | 001,084,727 | ---- | C] () -- C:\Users\Gerald\AppData\Local\2433f433
[2013.07.05 08:51:47 | 001,084,710 | ---- | C] () -- C:\Users\Gerald\AppData\Roaming\2433f433
[2013.07.05 08:51:47 | 001,084,656 | ---- | C] () -- C:\ProgramData\2433f433
[2013.04.17 16:48:02 | 000,536,576 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2013.04.17 16:48:02 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2012.12.18 20:33:13 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012.12.18 19:44:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
[2012.12.18 19:44:01 | 000,000,268 | RH-- | C] () -- C:\Users\Gerald\AppData\Roaming\Funk Animals
[2012.12.18 19:44:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.12.18 19:44:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2012.12.18 19:44:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Galaxy Swirl
[2012.12.18 19:44:00 | 000,000,268 | RH-- | C] () -- C:\Users\Gerald\AppData\Roaming\Fruit
[2012.12.18 19:44:00 | 000,000,268 | RH-- | C] () -- C:\Users\Gerald\AppData\Roaming\Frameworks
[2012.12.18 19:44:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.12.18 19:44:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.11.12 01:31:39 | 000,002,731 | ---- | C] () -- C:\Users\Gerald\URPreferences.xml
[2011.11.02 13:09:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.02 13:09:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.12.28 20:47:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.03 10:14:36 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Design Science
[2012.05.03 12:59:40 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\e-academy Inc
[2013.02.03 20:13:21 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Eviqlo
[2011.05.29 13:49:47 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\HEM Data
[2012.12.14 17:45:44 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\HoldemManager
[2013.02.02 23:34:59 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Livygu
[2011.08.02 22:42:33 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Mikogo
[2013.07.05 20:01:40 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Mikogo 4
[2012.12.18 19:48:13 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Nikon
[2013.07.05 08:51:44 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Nyul
[2013.07.05 08:51:44 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Omsou
[2012.08.15 00:50:09 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Origin
[2012.07.19 11:24:30 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\PacificPoker
[2012.08.16 19:30:27 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Party
[2010.01.03 00:40:32 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\PlayFirst
[2012.01.08 00:26:58 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\postgresql
[2012.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Roaming
[2011.01.09 01:13:08 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\TeamViewer
[2011.12.28 11:12:41 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\TS3Client
[2011.09.19 19:50:46 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\UB
[2010.01.03 00:53:59 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\ViquaSoft
[2011.10.29 20:00:46 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
[2012.09.24 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Windows Live Writer
[2013.02.12 21:51:12 | 000,000,000 | ---D | M] -- C:\Users\Gerald\AppData\Roaming\Yfrav
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 05.07.2013 10:32:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gerald\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,23 Gb Available Physical Memory | 80,94% Memory free
7,99 Gb Paging File | 7,38 Gb Available in Paging File | 92,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 172,09 Gb Free Space | 60,11% Space Free | Partition Type: NTFS
Drive F: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,96% Space Free | Partition Type: FAT
 
Computer Name: GERALD-PC | User Name: Gerald | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D35891A-DB8B-44FF-91B9-23F2BC73F730}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13C640B0-57D8-4D00-95E1-57E0B11DE3E9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{177CEB9A-621B-42A9-9131-D9347A7F03A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43B8D114-2C64-477A-9C9F-44CFB7AF36CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4EAD0896-2655-4ABC-AB74-F331825D4C7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4F116500-EC3D-49ED-9DC1-E91670A36E77}" = rport=445 | protocol=6 | dir=out | app=system | 
"{52F946C2-87BF-4C0E-8DAD-4213463624B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5D0CE152-DBBA-42BB-839A-0D0C3938F74E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6B7F500F-F303-4D55-9495-14DC386B1558}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6BFCD9A4-23BA-4F3C-B2E9-F10B54CC46E3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6E8BFAFA-5157-4368-810D-A43C951E093A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{754E5D9E-F700-4378-8148-E629FEE19378}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76FBA22C-389E-4148-965B-C363E66C9BF5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7D3B2BC3-10EC-4146-9F9B-9521EFC202A1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F047C39-2A0E-46AF-94E1-0EDCE469000A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7F950FE9-FFEE-4A3E-B300-2A68EF409A3C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8B665F8A-7302-4951-BA36-7970E11561B2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{98ADDD92-BF03-4875-802C-09186B9B201E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A922CBD3-55D6-4187-A215-7491F372311A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A9F5F81B-686C-4963-B8F3-7D7D62C3049B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BBF99F3C-1D55-4DEE-B432-D12B5C5DBBD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C4978097-D8F6-4B97-B2EC-CD5481B2A44D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB3AD1C0-13BE-4AED-A4B8-627DB55D2337}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DA94A5F8-29E8-4011-803C-370670E65216}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E6493500-2991-4E85-A2C5-2C7336E4ECE4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1AB2404-FB48-4DAB-9AED-71DCF0D9C069}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F4EFAF76-81D1-418D-9215-50943D9548F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD846E88-B660-41F9-8152-E6645F922E3B}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0584C4F0-F225-4D4C-9E47-0253EFDA52EA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{13F60C40-1900-464E-ACBA-5DB98993EC8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{151B30E3-0ADD-451F-AAB9-7F713485F34C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{173B42FA-D1DA-4FA0-B9EA-B3D7E38A0271}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1EF4308C-8A11-4741-9365-810006540BDD}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{21794B7D-038C-46C3-ABB2-BA02D7D5331A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{21C102ED-1F38-435D-88D4-508F6877F94B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{243BA4BA-8DA1-4224-9F64-6FB5BF658F87}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{25D57A2A-6200-4FB4-922A-700BD5A8DD9B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2A4B15F4-832D-49A9-B2D1-54D83E94BF0E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2C6274F5-2F7D-4051-AE97-E86D9ED15EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2D5FCAA1-6073-40B4-A79E-9C3333E44E2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{33EB6695-AB43-4BF2-A5F7-68D2752DF09F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4041556F-0AB9-4E3B-9B79-9244A3B6A797}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{4301994B-532D-430F-A98B-B00990AFC54A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4811714C-2FFE-4EB3-A2EC-CF0F1E75F2E7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\starcraft ii.exe | 
"{4C13EB6B-F755-49FF-8738-D130097D6962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4FCE381C-5B9B-4927-8773-BE7AE0F92109}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{569D6087-5488-4D9F-8D34-DE4A8812AB92}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{60596B1C-99C0-4B10-881E-2861FCE0C8E7}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{625905CE-92B8-41C2-88A4-B8C6952B1725}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7423F695-3679-44D6-8C06-2D8F2D053884}" = protocol=17 | dir=in | app=c:\users\gerald\appdata\local\temp\update_529f.exe | 
"{81ACB056-7C52-49CA-B001-EA1909BDF6CF}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\starcraft ii.exe | 
"{90FA1BB4-E437-4492-87BC-5C99E69DF94A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{922D96E1-E284-4AFC-A833-60848E7BD4E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{94D005A1-CA3B-49FE-8EA2-D293573B13F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{95F406A5-A3A2-4E27-82E0-F8F0353F51B7}" = protocol=6 | dir=in | app=c:\users\gerald\appdata\local\temp\update_529f.exe | 
"{97E626B8-5F35-4E65-9A7B-207A7D8A958C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DFED4FB-6DA8-4B16-9893-E6BD4830F246}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4CD862C-6B3C-4752-A094-91B153E8075C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AC7362CF-25E1-40F0-8F14-CF5388DB7902}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B129CA60-96EC-470C-BF80-28BDD43C6ECA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B5FF586A-AB2A-44D4-B5DC-4C1B96B63885}" = protocol=6 | dir=out | app=system | 
"{B75F7A48-F65E-4A6A-AC50-3988BA381617}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BD36A159-7B23-4B29-8587-2B9A7CE06DA7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{BE5BA4A7-4831-4F5E-AD00-E6BBD64C08E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{BFCAA6E8-CB38-410E-A542-EC75E773C940}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C00C08FB-4282-441C-A2F7-A14A71A98BB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C21C12E2-0E69-4D8D-A38D-0A73EBC21B38}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{CD9A27C3-588C-48C0-B97B-1687B0B0D998}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D44B1660-1054-4F94-B4A6-92F0CC1C08FC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{D5B6F869-424A-4ECA-9B21-A6295E4084C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD632A32-C9A9-4B77-987E-15EEBB39F81E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC7CAF0A-B23F-4275-B28D-D8AB0473DBC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0D2A22A-3E90-4D8F-A844-3D3EA699AE3F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{F686A03E-0243-43B3-97F8-980C4AF43027}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F7D2772F-0B81-426F-8578-141D6C46D434}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{FDD62E5E-8408-490E-929F-8694264C328F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{215A716E-E52D-4362-ABC8-0D1EF4872179}C:\anno 1602\anno1602\1602.exe" = protocol=6 | dir=in | app=c:\anno 1602\anno1602\1602.exe | 
"TCP Query User{21D0E5E0-0283-42BE-9A93-1F99DBF40F2A}C:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe | 
"TCP Query User{3C736B69-1CD1-4EE3-8E0E-B86360860866}C:\users\gerald\appdata\roaming\yfrav\byuqu.exe" = protocol=6 | dir=in | app=c:\users\gerald\appdata\roaming\yfrav\byuqu.exe | 
"TCP Query User{4D8537E1-21FE-45C1-8F20-F710C06B2C37}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"TCP Query User{5C03B43F-B373-4089-AE0B-271C6255A941}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"TCP Query User{656DD622-1BD2-40A6-BFE4-1FC01C13EA36}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{7E786177-E352-42EC-9666-EEE001B2B3EB}C:\program files (x86)\starcraft ii-2\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\support\blizzarddownloader.exe | 
"TCP Query User{82609144-2A58-4E80-B341-9504592DA97F}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{84B93F9C-AE5C-4C03-97E9-561CCE744699}C:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe | 
"TCP Query User{91B5299A-F349-4325-B993-46752FA5F8BE}C:\program files (x86)\starcraft ii-2\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16561\sc2.exe | 
"TCP Query User{9367AE1C-5894-409C-90C3-52BA71C88626}C:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe | 
"TCP Query User{BD830A23-1F33-4942-AE95-E830DD0A1FA6}C:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe | 
"TCP Query User{DAB0629B-C2EE-4E7B-A1E9-39C3300446D6}C:\users\gerald\appdata\roaming\yfrav\byuqu.exe" = protocol=6 | dir=in | app=c:\users\gerald\appdata\roaming\yfrav\byuqu.exe | 
"TCP Query User{F1E09FAF-6202-4BD0-88C8-7A3673AFE07E}C:\program files (x86)\starcraft ii-2\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16755\sc2.exe | 
"UDP Query User{0CB8F917-86D5-476F-9A3A-1FF9411CAC43}C:\users\gerald\appdata\roaming\yfrav\byuqu.exe" = protocol=17 | dir=in | app=c:\users\gerald\appdata\roaming\yfrav\byuqu.exe | 
"UDP Query User{1D00E905-1BBD-47E1-AC1D-A459A0CA4DEE}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"UDP Query User{219367DA-DB76-49B9-9AAA-30FDB1DCFFD1}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"UDP Query User{3CB27E29-10A4-479D-8F76-CA1766B23404}C:\anno 1602\anno1602\1602.exe" = protocol=17 | dir=in | app=c:\anno 1602\anno1602\1602.exe | 
"UDP Query User{520AE51D-9446-4C5D-918A-12CCBEED4390}C:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe | 
"UDP Query User{65DEC4DF-1EED-4A55-9C70-E3478B162292}C:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe | 
"UDP Query User{7056FDEE-4673-4A2E-A030-976B7834633A}C:\program files (x86)\starcraft ii-2\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\support\blizzarddownloader.exe | 
"UDP Query User{76822C03-ECE0-46C5-AF03-039D9AA82691}C:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe | 
"UDP Query User{81EC3033-8D77-4D8D-9456-4D2185FF078C}C:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe | 
"UDP Query User{9B925439-5824-4DB6-8758-77404435B1CE}C:\users\gerald\appdata\roaming\yfrav\byuqu.exe" = protocol=17 | dir=in | app=c:\users\gerald\appdata\roaming\yfrav\byuqu.exe | 
"UDP Query User{BC1210EE-9772-4E7A-9B1B-3BB892E9656D}C:\program files (x86)\starcraft ii-2\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16561\sc2.exe | 
"UDP Query User{CFA526B0-06B8-4D59-80CA-9CC2257A18E1}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{F27DB53B-DBA5-466D-8ACA-2109755B1CED}C:\program files (x86)\starcraft ii-2\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16755\sc2.exe | 
"UDP Query User{FDEE2EC4-8846-433A-A6D1-68DF69688D1B}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFC1D09-D788-8BE1-445D-3B2992600876}" = Winamax Poker
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"888poker" = 888poker
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"bwin Poker_is1" = bwin Poker
"DivX Setup" = DivX-Setup
"DSMT6" = MathType 6
"ETS TOEFL Guide" = ETS TOEFL Guide 2.02.0012
"GridVista" = Acer GridVista
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HoldemManager" = Holdem Manager
"hon" = Heroes of Newerth
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! Live" = Messenger Plus! Live
"Mikogo" = Mikogo
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenVPN" = OpenVPN 2.2.1
"Origin" = Origin
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"StarCraft II" = StarCraft II
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VirtualCloneDrive" = VirtualCloneDrive
"wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1" = Winamax Poker
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-922718223-3276015125-4167937139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"JoinMe" = join.me
"Mikogo 4" = Mikogo 4
"UB" = UB
"Universal Replayer" = Universal Replayer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.06.2013 20:31:32 | Computer Name = Gerald-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16611,
 Zeitstempel: 0x5191e7aa  Name des fehlerhaften Moduls: smarterdownloader.dll, Version:
 1.0.0.1, Zeitstempel: 0x509688f6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c26b
ID
 des fehlerhaften Prozesses: 0x1e54  Startzeit der fehlerhaften Anwendung: 0x01ce713b32c1251b
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll
Berichtskennung:
 953b1057-dd2e-11e2-ade4-00262d655bdb
 
Error - 02.07.2013 15:52:38 | Computer Name = Gerald-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 03.07.2013 06:25:12 | Computer Name = Gerald-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.15,
 Zeitstempel: 0x4e31ebcf  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039342  ID des fehlerhaften
 Prozesses: 0x10d0  Startzeit der fehlerhaften Anwendung: 0x01ce77d77887b77e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: d7747b32-e3ca-11e2-b131-00262d655bdb
 
Error - 05.07.2013 02:45:06 | Computer Name = Gerald-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16611 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 2d64    Startzeit: 01ce794ac1deda3c    Endzeit: 114    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE    Berichts-ID:   
 
Error - 05.07.2013 03:22:54 | Computer Name = Gerald-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.07.2013 03:22:54 | Computer Name = Gerald-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.07.2013 03:22:55 | Computer Name = Gerald-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.07.2013 03:22:55 | Computer Name = Gerald-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.07.2013 03:25:37 | Computer Name = Gerald-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 05.07.2013 04:02:52 | Computer Name = Gerald-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 05.07.2013 04:10:57 | Computer Name = Gerald-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
[ System Events ]
Error - 05.07.2013 04:12:20 | Computer Name = Gerald-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2013 04:12:20 | Computer Name = Gerald-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2013 04:12:22 | Computer Name = Gerald-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 05.07.2013 04:12:22 | Computer Name = Gerald-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 05.07.2013 04:12:22 | Computer Name = Gerald-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2013 04:12:22 | Computer Name = Gerald-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2013 04:12:22 | Computer Name = Gerald-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2013 04:12:22 | Computer Name = Gerald-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2013 04:12:22 | Computer Name = Gerald-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 05.07.2013 04:12:22 | Computer Name = Gerald-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
After that I did not know how to proceed with OTL, so I

6. ran Avira Antivir.
Report:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 5. Juli 2013  10:45

Es wird nach 5024739 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Gerald
Computername   : GERALD-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.2400    46075 Bytes  17.06.2013 22:53:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  18.11.2012 11:58:04
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  03.09.2012 08:24:53
LUKE.DLL       : 12.3.0.15      68304 Bytes  03.09.2012 08:25:05
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  03.09.2012 08:25:18
AVREG.DLL      : 12.3.0.17     232200 Bytes  03.09.2012 08:25:17
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 11:19:57
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 12:08:34
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 16:12:31
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 13:13:41
VBASE004.VDF   : 7.11.85.215     2048 Bytes  21.06.2013 13:13:41
VBASE005.VDF   : 7.11.85.216     2048 Bytes  21.06.2013 13:13:42
VBASE006.VDF   : 7.11.85.217     2048 Bytes  21.06.2013 13:13:42
VBASE007.VDF   : 7.11.85.218     2048 Bytes  21.06.2013 13:13:42
VBASE008.VDF   : 7.11.85.219     2048 Bytes  21.06.2013 13:13:42
VBASE009.VDF   : 7.11.85.220     2048 Bytes  21.06.2013 13:13:42
VBASE010.VDF   : 7.11.85.221     2048 Bytes  21.06.2013 13:13:43
VBASE011.VDF   : 7.11.85.222     2048 Bytes  21.06.2013 13:13:43
VBASE012.VDF   : 7.11.85.223     2048 Bytes  21.06.2013 13:13:43
VBASE013.VDF   : 7.11.85.224     2048 Bytes  21.06.2013 13:13:44
VBASE014.VDF   : 7.11.86.93    870400 Bytes  24.06.2013 17:59:47
VBASE015.VDF   : 7.11.86.223   331776 Bytes  25.06.2013 15:23:13
VBASE016.VDF   : 7.11.87.67    204800 Bytes  27.06.2013 15:23:13
VBASE017.VDF   : 7.11.87.157   247296 Bytes  28.06.2013 15:23:14
VBASE018.VDF   : 7.11.87.221   196608 Bytes  30.06.2013 15:23:14
VBASE019.VDF   : 7.11.88.51    356352 Bytes  02.07.2013 16:30:42
VBASE020.VDF   : 7.11.88.119   182272 Bytes  03.07.2013 06:16:13
VBASE021.VDF   : 7.11.88.213   266752 Bytes  05.07.2013 08:43:00
VBASE022.VDF   : 7.11.88.214     2048 Bytes  05.07.2013 08:43:00
VBASE023.VDF   : 7.11.88.215     2048 Bytes  05.07.2013 08:43:01
VBASE024.VDF   : 7.11.88.216     2048 Bytes  05.07.2013 08:43:01
VBASE025.VDF   : 7.11.88.217     2048 Bytes  05.07.2013 08:43:01
VBASE026.VDF   : 7.11.88.218     2048 Bytes  05.07.2013 08:43:01
VBASE027.VDF   : 7.11.88.219     2048 Bytes  05.07.2013 08:43:02
VBASE028.VDF   : 7.11.88.220     2048 Bytes  05.07.2013 08:43:02
VBASE029.VDF   : 7.11.88.221     2048 Bytes  05.07.2013 08:43:02
VBASE030.VDF   : 7.11.88.222     2048 Bytes  05.07.2013 08:43:02
VBASE031.VDF   : 7.11.88.224    10752 Bytes  05.07.2013 08:43:03
Engineversion  : 8.2.12.70 
AEVDF.DLL      : 8.1.3.4       102774 Bytes  14.06.2013 06:35:30
AESCRIPT.DLL   : 8.1.4.130     487806 Bytes  05.07.2013 08:43:06
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 17:13:57
AESBX.DLL      : 8.2.5.12      606578 Bytes  17.06.2012 15:12:33
AERDL.DLL      : 8.2.0.128     688504 Bytes  14.06.2013 06:35:30
AEPACK.DLL     : 8.3.2.24      749945 Bytes  20.06.2013 09:41:26
AEOFFICE.DLL   : 8.1.2.60      205181 Bytes  20.06.2013 09:41:25
AEHEUR.DLL     : 8.1.4.450    6013306 Bytes  05.07.2013 08:43:06
AEHELP.DLL     : 8.1.27.4      266617 Bytes  05.07.2013 08:43:04
AEGEN.DLL      : 8.1.7.8       442742 Bytes  05.07.2013 08:43:03
AEEXP.DLL      : 8.4.0.34      201079 Bytes  06.06.2013 05:09:40
AEEMU.DLL      : 8.1.3.2       393587 Bytes  11.07.2012 07:20:34
AECORE.DLL     : 8.1.31.6      201081 Bytes  05.07.2013 08:43:03
AEBB.DLL       : 8.1.1.4        53619 Bytes  06.11.2012 13:02:45
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  03.09.2012 08:24:40
AVPREF.DLL     : 12.3.0.32      50720 Bytes  18.11.2012 11:58:04
AVREP.DLL      : 12.3.0.15     179208 Bytes  03.09.2012 08:25:17
AVARKT.DLL     : 12.3.0.33     209696 Bytes  18.11.2012 11:58:03
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  03.09.2012 08:24:50
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  03.09.2012 08:25:11
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  03.09.2012 08:24:54
NETNT.DLL      : 12.3.0.15      17104 Bytes  03.09.2012 08:25:07
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  03.09.2012 08:24:41
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  18.11.2012 11:58:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 5. Juli 2013  10:45

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'mikogo-host.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '176' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SweetPacksUpdateManager.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'SweetIM.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'NkMC2.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCDDaemon.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMVService.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinTVTray.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'pg_ctl.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'M4-Capture.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'M4-Service.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'HAUPPA~1.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4299' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\Users\Gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2BNDWNLL\file_polices[1].htm
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.122
C:\Users\Gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MVT2XNCU\font[1].eot
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3402.C
C:\Users\Gerald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\359a448d-5fb035eb
  [0] Archivtyp: ZIP
  --> hw.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axm
  --> codehex.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axn
  --> Impossible.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axo
  --> RunnerGood.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axp
  --> d.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axq
  --> Asd.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axr
  --> test.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Rhino.C
  --> test2.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axs
  --> tt.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axt
  --> ttt.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.ayc
  --> test3.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axu
  --> test4.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axv
  --> test5.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422
C:\Users\Gerald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\167f8b50-1b915f77
  [0] Archivtyp: ZIP
  --> GEliuoz.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Treams.IK
  --> Main.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0431.R
  --> Pdorys.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422.EB
  --> SOoc.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Treams.KS
  --> Slamdei.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422.A.142
  --> ZEbiia.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Treams.KT

Beginne mit der Desinfektion:
C:\Users\Gerald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\167f8b50-1b915f77
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Treams.KT
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54020160.qua' verschoben!
C:\Users\Gerald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\359a448d-5fb035eb
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c972ec6.qua' verschoben!
C:\Users\Gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MVT2XNCU\font[1].eot
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3402.C
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e8373e0.qua' verschoben!
C:\Users\Gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2BNDWNLL\file_polices[1].htm
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.122
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '78b23bd8.qua' verschoben!


Ende des Suchlaufs: Freitag, 5. Juli 2013  12:44
Benötigte Zeit:  1:58:33 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  41852 Verzeichnisse wurden überprüft
 826505 Dateien wurden geprüft
     21 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      4 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 826484 Dateien ohne Befall
   8565 Archive wurden durchsucht
      0 Warnungen
      4 Hinweise
 806460 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
7. I ran Malwarebytes.
Report:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.05.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Gerald :: GERALD-PC [Administrator]

05.07.2013 12:48:28
MBAM-log-2013-07-05 (14-21-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 457377
Laufzeit: 1 Stunde(n), 32 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIBD1RH5\lovoo_katja1.mp4.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.
C:\Users\Gerald\AppData\Local\Temp\~tnf4575862620854510159.tmp (Spyware.Zbot.ED) -> Keine Aktion durchgeführt.
C:\Users\Gerald\AppData\Local\Temp\~tnf938819600832899917.tmp (Spyware.Zbot.ED) -> Keine Aktion durchgeführt.
C:\ProgramData\2433f433 (Trojan.Agent.TPL) -> Keine Aktion durchgeführt.
C:\Users\Gerald\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> Keine Aktion durchgeführt.
C:\Users\Gerald\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Keine Aktion durchgeführt.

(Ende)
         
8. I have now run OTL once more.
OTL:
See attachment OTL 2
Extras:
See attachment Extras


I hope this is enough data for you to be able to help me.

Many thanks in advance!

Alt 05.07.2013, 14:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now just post the logs you already have!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Alt 05.07.2013, 14:07   #3
QTaran
 

No, I don't have any further logs or detections. I wanted to wait for replies first.
P.S.: Unfortunately I could not post the last files in code form, because it would have been too much otherwise.

Alt 05.07.2013, 14:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you have been asked to. Logs in attachments make my analysis harder!

  • The logs of the tools you were asked to run, such as Malwarebytes, must always be posted, regardless of whether anything was detected!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board.


Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

Alt 05.07.2013, 15:19   #5
QTaran
 

Here is the Combofix log
Code:
ComboFix 13-07-04.01 - Gerald 05.07.2013  15:45:36.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2844 [GMT 2:00]
ausgeführt von:: c:\users\Gerald\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Gerald\AppData\Roaming\Nyul
c:\users\Gerald\AppData\Roaming\Nyul\ybho.uri
c:\users\Gerald\AppData\Roaming\Roaming
c:\users\Gerald\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\windows\Temp\log.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-05 bis 2013-07-05  ))))))))))))))))))))))))))))))
.
.
2013-07-05 13:58 . 2013-07-05 13:58	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2013-07-05 13:58 . 2013-07-05 13:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-05 10:47 . 2013-07-05 10:47	--------	d-----w-	c:\users\Gerald\AppData\Roaming\Malwarebytes
2013-07-05 10:46 . 2013-07-05 10:46	--------	d-----w-	c:\programdata\Malwarebytes
2013-07-05 10:46 . 2013-07-05 10:46	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-05 10:46 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-07-05 06:51 . 2013-07-05 06:51	--------	d-----w-	c:\users\Gerald\AppData\Roaming\Omsou
2013-06-24 23:23 . 2013-06-24 23:23	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 15:56 . 2012-07-01 15:10	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:56 . 2012-03-07 15:17	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 06:06 . 2011-03-28 16:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 14:09	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:09	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:09	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:09	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:09	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:09	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:51	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 14:09	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 14:09	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 14:08	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19	244328	----a-w-	c:\program files (x86)\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]
"Mikogo"="c:\users\Gerald\AppData\Roaming\Mikogo 4\mikogo-host.exe" [2013-04-10 6323016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-03 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe /QUIET [2010-12-6 117344]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2010-12-6 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 M4-Service;M4-Service;c:\users\Gerald\AppData\Roaming\Mikogo 4\M4-Service.exe;c:\users\Gerald\AppData\Roaming\Mikogo 4\M4-Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys;c:\windows\SYSNATIVE\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys;c:\windows\SYSNATIVE\DRIVERS\hcw95rc.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE;c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 15:56]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-29 23:31]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-29 23:31]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-922718223-3276015125-4167937139-1000Core.job
- c:\users\Gerald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 19:53]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-922718223-3276015125-4167937139-1000UA.job
- c:\users\Gerald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 19:53]
.
2013-06-17 c:\windows\Tasks\Norton Security Scan for Gerald.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-05 08:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c8452f08000000000000001e64285659&tlver=1.4.19.19&affID=17159
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\9ookqa5j.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Xaasixqyc - c:\users\Gerald\AppData\Roaming\Yfrav\byuqu.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Universal Replayer - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6c,c7,62,a1,df,2f,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,b4,c8,76,c9,58,d0,44,a0,8a,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,b4,c8,76,c9,58,d0,44,a0,8a,d5,\
.
[HKEY_USERS\S-1-5-21-922718223-3276015125-4167937139-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-922718223-3276015125-4167937139-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-05  16:16:40
ComboFix-quarantined-files.txt  2013-07-05 14:16
.
Vor Suchlauf: 22 Verzeichnis(se), 183.904.022.528 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 185.931.063.296 Bytes frei
.
- - End Of File - - 73531E2DDF246399588EEF7ADC47E2C5
5C616939100B85E558DA92B899A0FC36
         


05.07.2013, 15:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

ComboFix script
WARNING for READERS FOLLOWING ALONG:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:
    Folder::
    c:\users\Gerald\AppData\Roaming\Omsou
             
    If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily turn off your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do not do anything on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix has finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!


05.07.2013, 16:15   #7
QTaran
 

There were no problems at all carrying it out:

Code:
ComboFix 13-07-04.01 - Gerald 05.07.2013  17:02:51.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2604 [GMT 2:00]
ausgeführt von:: c:\users\Gerald\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Gerald\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gerald\AppData\Roaming\Omsou
c:\users\Gerald\AppData\Roaming\Omsou\apkia.eqv
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-05 bis 2013-07-05  ))))))))))))))))))))))))))))))
.
.
2013-07-05 15:10 . 2013-07-05 15:10	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2013-07-05 15:10 . 2013-07-05 15:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-05 10:47 . 2013-07-05 10:47	--------	d-----w-	c:\users\Gerald\AppData\Roaming\Malwarebytes
2013-07-05 10:46 . 2013-07-05 10:46	--------	d-----w-	c:\programdata\Malwarebytes
2013-07-05 10:46 . 2013-07-05 10:46	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-05 10:46 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-24 23:23 . 2013-06-24 23:23	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 15:56 . 2012-07-01 15:10	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:56 . 2012-03-07 15:17	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 06:06 . 2011-03-28 16:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 14:09	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:09	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:09	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:09	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:09	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:09	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:51	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 14:09	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 14:09	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 14:08	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19	244328	----a-w-	c:\program files (x86)\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]
"Mikogo"="c:\users\Gerald\AppData\Roaming\Mikogo 4\mikogo-host.exe" [2013-04-10 6323016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-03 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe /QUIET [2010-12-6 117344]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2010-12-6 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 M4-Service;M4-Service;c:\users\Gerald\AppData\Roaming\Mikogo 4\M4-Service.exe;c:\users\Gerald\AppData\Roaming\Mikogo 4\M4-Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys;c:\windows\SYSNATIVE\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys;c:\windows\SYSNATIVE\DRIVERS\hcw95rc.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE;c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 15:56]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-29 23:31]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-29 23:31]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-922718223-3276015125-4167937139-1000Core.job
- c:\users\Gerald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 19:53]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-922718223-3276015125-4167937139-1000UA.job
- c:\users\Gerald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 19:53]
.
2013-06-17 c:\windows\Tasks\Norton Security Scan for Gerald.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-05 08:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c8452f08000000000000001e64285659&tlver=1.4.19.19&affID=17159
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\9ookqa5j.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6c,c7,62,a1,df,2f,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,b4,c8,76,c9,58,d0,44,a0,8a,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,b4,c8,76,c9,58,d0,44,a0,8a,d5,\
.
[HKEY_USERS\S-1-5-21-922718223-3276015125-4167937139-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-922718223-3276015125-4167937139-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-05  17:13:11
ComboFix-quarantined-files.txt  2013-07-05 15:13
ComboFix2.txt  2013-07-05 14:16
.
Vor Suchlauf: 26 Verzeichnis(se), 185.997.586.432 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 185.687.388.160 Bytes frei
.
- - End Of File - - B2A77328DD6C6C2580629901216C306E
5C616939100B85E558DA92B899A0FC36
         

06.07.2013, 12:37   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and any other scanners back on before you go online!


Having problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, untick Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
Please always post log files in CODE tags

06.07.2013, 16:03   #9
QTaran

So, here is the GMER log:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-06 15:16:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: zurenipp.exe; Driver: C:\Users\Gerald\AppData\Local\Temp\uwriapow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000751b1465 2 bytes [1B, 75]
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000751b14bb 2 bytes [1B, 75]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000751b1465 2 bytes [1B, 75]
.text  C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000751b14bb 2 bytes [1B, 75]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     00000000751b1465 2 bytes [1B, 75]
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000751b14bb 2 bytes [1B, 75]
.text  ...                                                                                                                                             * 2
.text  C:\Users\Gerald\AppData\Roaming\Mikogo 4\mikogo-host.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          00000000751b1465 2 bytes [1B, 75]
.text  C:\Users\Gerald\AppData\Roaming\Mikogo 4\mikogo-host.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000751b14bb 2 bytes [1B, 75]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000751b1465 2 bytes [1B, 75]
.text  C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000751b14bb 2 bytes [1B, 75]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    00000000751b1465 2 bytes [1B, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000751b14bb 2 bytes [1B, 75]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000751b1465 2 bytes [1B, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000751b14bb 2 bytes [1B, 75]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000751b1465 2 bytes [1B, 75]
.text  C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000751b14bb 2 bytes [1B, 75]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           00000000751b1465 2 bytes [1B, 75]
.text  C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000751b14bb 2 bytes [1B, 75]
.text  ...                                                                                                                                             * 2

---- EOF - GMER 2.1 ----
         

And here is the Malwarebytes log; it told me that I didn't even need Cleanup because there was nothing left on it:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Gerald :: GERALD-PC [administrator]

06.07.2013 15:20:40
mbar-log-2013-07-06 (15-20-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 269431
Time elapsed: 13 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
What's the next step?

07.07.2013, 22:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick Scan All Users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

08.07.2013, 17:17   #11
QTaran

JRT Log:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.7 (07.08.2013:2)
OS: Windows 7 Home Premium x64
Ran by Gerald on 08.07.2013 at 17:47:03,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sweetim
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sweetpacks communicator



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1ClickDownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\putlockerdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sim-packages
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\putlockerdownloader_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\putlockerdownloader_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\app paths\sweetim.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Gerald\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Gerald\appdata\locallow\boost_interprocess"
Failed to delete: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{2B255F68-5C69-4BF6-838F-082B792C6A09}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{2BB9B6EF-4FD4-4B06-B7F5-BF52C47A04CF}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{2BE8721D-6167-4AED-9D8C-EA5E54E57E4D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{2BEDB2BD-82EA-48D9-BD3D-282B1D33554A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{2CE98F3A-E5B8-4E62-ADED-D8E7E3EB5B9D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{2E2BC1F8-C244-4287-AB83-3C3316A83EC2}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{30A8ECCA-7554-426F-B1AD-BCB415D3CDF2}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{326015C5-4622-4ECA-BEE5-1BE09FD4D5C5}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{3491982A-DDB5-4C70-8620-28887802B203}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{361E9E80-29F4-4779-8FFB-501F24743BFF}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{36AA4265-9936-40F8-991B-299295F4A77E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{36BDC40F-D4A5-47AA-BCAE-407EF2D9CD30}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{379C596E-4DAE-41E2-916A-0FD72BAECBC4}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{39DF509A-9C7A-4C78-8519-BA976FCADDA8}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{39F65E9E-ED19-4A9B-AC98-E8ECF188761E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{3B380C99-0502-4793-B4B3-DF4CA88AE4D3}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{3B5D3704-1CCB-4F58-ADFC-ED7A31AAA8A5}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{3D6E0251-14C9-47F3-8A83-B806763CF384}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{3DEB90E7-6F2B-4A09-B3D7-6C921ED75E97}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{3F798CEA-1FF3-4243-AB6D-D6CC10094E11}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{3FF43292-30FD-4C60-9F54-1E4B77D96C1D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{40040E34-2B4C-4505-A650-1925744D42DE}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{409003A4-1F55-4AA3-A4AC-9315075C1459}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{410ED11E-7335-4EE7-8885-479B083AD30D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{442A2045-1D2E-42AC-BCB5-C4DDF22D62E7}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4670ECE8-698E-4556-9317-03AF3CE14259}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{46AE1B40-C9A8-4FC6-A329-453B92A26FFF}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{480331B7-A8BC-4E0D-883B-AEE3CA3453F1}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{48347429-354D-443D-AFA1-E2068A26DB64}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4A87503D-4693-4099-891F-EFE020842D33}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4C0C1EE1-4423-47AA-AF8B-B5543BF41288}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4CC9BB3B-C571-44DC-8DA9-6B22DD0A2CA6}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4CEDF231-02CE-4F09-8302-39A166B74F69}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4D160441-E5AD-45F5-89FB-F32F3A3685B9}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4DBBBFE3-C173-406B-BD44-75963318EE3A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4E00F812-97E1-49AC-B3C0-B4DFD51B668A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4E462A80-37F8-4EA6-B9B6-43B01A5C252D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4E93FE76-1E0C-4C08-8CD8-9977791A381A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4EEEBE6D-B970-4729-BC99-F3E3BEA527F4}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4F2C5C9C-E4BA-4480-A2AE-87B217031F0E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{4FE94C4A-F138-489A-A73B-D4FAF317FDC9}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{50798103-01B5-4008-836B-7EEA67DB7CBE}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{50DC84D2-125C-4351-A436-55A763B4AF74}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{53C5F93C-732E-43FC-97C3-9963D1BF95EC}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{53D5DC4E-5C7B-469A-86A0-31A8F9C18AFE}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{55000CDC-6E0A-431F-8F9E-E0D33E931633}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{552EF243-93D0-48AB-A365-B1E296164979}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{589D77E3-C5ED-4658-9AFA-BBCCCAA7F412}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{58BFAB97-46E5-45F5-8073-C5E744B7C118}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{59066F49-30F3-4F9E-9946-BAD89CCE426A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{591849F5-4754-4C53-9B9B-9F5C5BAF51FB}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{5A8A03FC-9540-4077-BA4A-9FEF82A94591}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{5C861B2A-4839-4EC4-B394-C2B6573DF142}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{5DBE3CB2-AF34-4891-B8EA-7C53A82781BC}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{61D1216C-4CC7-4201-8BE3-23EBB870E27B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{62D5AC15-D910-4B44-86CA-20C8DC29B1DE}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{638C5326-E573-4624-A55A-6666F13D7EB3}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{63943F4B-E935-4881-A47D-B3AED19BF79E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{64AA4A1B-3E97-412B-9CE3-B2CF9AD12F8A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6548F474-C58B-44C3-AE16-7B16815339F6}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{66618160-7536-461A-A390-6F27A81B41C9}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6682F285-189E-421B-8748-7B2340080D75}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{66AAC1CC-49A9-4E2D-9231-FB7071152329}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6726A7FC-FCBD-4F7F-99A2-BD4242C9ABFF}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{672CF65E-D226-41B2-8FDF-82660ADFDED6}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6873B5E2-3895-4E4B-9F3F-264D99BD9276}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{698BC1D8-B118-4401-8AC4-00F2CC9B39FF}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{69C545A3-33C6-4DF3-83D3-FF063FC6C5D2}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6A9C7EA5-1735-4346-B9D3-52D2B9A6B816}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6AE9C254-8042-490E-858E-DCE96001AB35}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6B857A2B-FA12-4A86-969D-808D5CA5F46A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6D0C99CC-5A3D-40FE-8D49-A21568D6511F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6D45A15C-9088-46B5-9623-D606AEC93A5D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6F026D16-591C-47F7-A0C3-0D612E3F4251}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{6F729535-2A23-474D-9DC1-2D053EF27AF8}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{70A0E528-8652-4CBD-9FE7-A79FBEAB7C00}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{718A5A0A-12F8-452A-9339-99E1072F8A12}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{733E5B0B-3B0F-4D3D-ACEC-1842188DE95C}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{7461689C-FABE-4D22-8F2F-0D606A3C99A0}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{758F41D0-65D1-4151-9DF4-CB5C0D1D9EC2}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{75E4BE72-F64A-468A-B7A4-23EBCA4B33B0}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{762800EF-7B70-4550-9D6B-E5A2A2A47DF1}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{7631A863-8E26-4976-909F-4DDA05E46247}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{771BAA6A-69FB-4961-99CC-9F0DDBC4BB8E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{7C46C0E0-0016-468A-9BC5-C9B835E7AB76}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{7D873B72-0A30-46AC-B5D7-7D3AF53222C8}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{7E39C4AA-5EA4-4277-A17C-D90F022DC5F7}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{7E73ABB2-7C60-45ED-AB7D-E6247776529F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{7EB62743-E6FD-4E07-8CB8-3E734CA00F7E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{800FECA9-C8C0-43DE-AC6E-4B02ED29BC04}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{808097D9-F7F7-4BFF-BF08-45BBEEA15474}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{82852064-1C2F-4BBB-89AE-F68E2243F7E7}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{82B58813-2186-4E07-B7D4-CB8E6E01B6EE}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{82FBFF27-17BF-4482-A71B-737E6F6E088D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{83FABF54-4672-4499-B0D6-F33978935ADB}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{849969A6-924B-4862-8ADC-E17D55741F0A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{84C8CE5D-EE2E-4943-BE95-EB6CC1E278DC}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{8706F9FC-EE2F-4064-B27B-E4AC6E914951}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{879808C7-AF23-4731-81CB-CAF548EB8180}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{87C2D61B-20F1-4C99-8B4F-B9DACEE43330}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{883E1615-C404-47DD-B63B-A777586EDE95}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{8912CA53-655D-4423-BA18-6F958C06D0FF}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{8AB6B734-0375-495F-A1FF-17A44C87C2C1}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{8C047DA2-BFA9-4F4C-B7B7-EBE63EA221CD}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{8CC2B792-1D65-45E0-81AC-2258F63EB23B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{8DDC7C07-6C86-49B8-839D-8686A03EAB56}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{8E80C064-6020-4863-B87C-937D45BB09EF}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{8F54919F-CC44-4DAD-973B-969C316DBA95}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{8FA051DE-605C-4D6C-A5A8-A663F5044FF2}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{9084EF3D-E8D1-4A5B-BB89-7BD73232F351}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{90BDDF26-65D9-464C-8266-D46B9DFEE52F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{911AA450-7817-4C3A-B9A3-5DF356A40929}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{920B8131-5F9E-40B6-94CB-03B449C466C6}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{921F3C4A-27D8-44F6-82B6-14CF3F236063}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{9244970B-0C9F-419E-8113-0BE10D1E2CFD}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{92A2B7CC-5D17-40AC-8C87-2C394941A2F5}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{92C5A789-E584-4957-A1F3-029256B55C12}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{93CDD6C3-6023-4D9B-B03E-A36177B032BB}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{9583CCFA-8BE1-4909-9E0E-04DF8937D5E3}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{962FA2FD-D10E-4740-A0C5-F89F3B073055}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{97443D4B-0E8D-4F28-B061-CD1ADC73605C}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{996468CB-748D-4E77-A913-8C143535CB0C}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{9A592128-7185-4AC2-BADE-188699EB683D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{9B22BEE1-A088-4CFE-B2E5-15D1C6D492EF}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{9C0F8BD8-069D-45F6-9CC7-6CDEFB5198FF}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{9D43E7BD-91E8-479C-89B3-21D74B6BFDBE}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{9D83D1D1-034C-46EB-A8B2-282745CEF43F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{9DEB7778-6327-4B20-885B-236AB2ED460D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A00079B4-5382-47E9-9C5F-31269DC96B9F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A012A98D-CCDF-4FF5-B8B8-6A9C8E655B3B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A136A9F5-E29F-48BD-9B5C-62AF3446601C}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A193A343-BF06-4A25-9046-F4E5349EA098}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A2021630-F75E-4707-8C90-FF8A124E00C1}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A2BEBD1B-AFE1-4002-A1C0-005F813441C8}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A350D816-849B-4E25-A0EF-A7DD3D7CB25F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A48C5AF0-B45C-4C3E-9608-28C9C66C007A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A63AFA20-C9B8-4719-8E4B-AB0DBF3CC258}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A66AA43B-E440-4EB7-9F28-CEEC33CAAA3F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A76096CB-7DF2-45C5-83C2-F89D4515A65A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A929C5DC-364D-45AD-88D0-F0D92B69E26B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A95C9567-8ED9-4A40-9EC3-546CC9C0EDD8}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A98ABC25-4180-41E5-B4D9-0FD4C94B6DC8}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{A9A4E21A-1798-4AEB-BAB2-5668AA69545C}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{ABA8FF52-4B14-471B-8D68-7E234FA9A702}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{ABFD1293-12C7-4E9A-A8B0-B21B9537B6A8}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{ADB417A9-FD56-4BD6-8BBA-0A159D054BE2}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{AEE3F45C-17CB-4876-856D-BD9B9628A8BB}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{B0621E01-7975-4B94-8BA8-8272CC54E347}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{B07BE973-97EA-41F3-9ECA-C41B2F143C70}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{B259C2F7-5342-4DDB-9769-5294D3FE3F1A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{B43A133E-856B-458A-AA99-8230F578BC40}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{B506ACC3-6A63-4564-A674-BBAF04335F4B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{B7D759B2-FF4C-4A4E-A2E2-300DAE37E99A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{BAC83243-D3BF-421B-A513-01D6BA2323D7}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{BB8EFF8A-5952-4B63-B9F9-9B5D402EDDDC}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{BC3114D7-9C70-46F7-914B-A3A662220A8A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{BCBE7562-89F2-442C-8EC1-5E55E1F283C0}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C072BA1E-A340-4CF6-9ED0-1412682C6BD4}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C0B405B9-FA4C-4B70-A43B-9CF536EF5DB4}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C2864D19-5F80-443F-8BF6-C73579921349}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C3E15CFD-AA73-4329-9308-D87DCEF2A40A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C42DB6B1-1D2C-4658-BD10-3BAAA730430E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C463F621-BF17-4B6E-908B-62504AF65984}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C4F82B31-333B-4BB5-A617-5A1613DFEB7A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C5745CF6-8CB5-41BC-AC19-1865C641A795}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C594873B-C260-4EA5-BD5D-8AFDA2730A2F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C6139C8C-A709-4AB1-AA10-05326D0ABE96}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C6BF9A74-A181-430F-90A6-1D30BE4878A7}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C7E7751B-EA7F-49F2-8F20-0B19FEAB2A5A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C8CEDA34-5B20-4092-809F-C197A43F7B21}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C918D76F-7FBC-4C4C-A650-0E791C854E3B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C98196DE-3B3C-47BD-A607-0AA3FDC32139}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{C9F199F7-0237-4D54-A36A-1BCFA6FBD3D5}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CA9BD33C-A3CF-4A79-BAED-B5613C6A8F5A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CAB0F9E9-4E72-4B62-BF11-48C2910D9285}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CAD724A5-B052-49C9-A70F-F27A6889F444}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CAF8E5A0-6E48-4AFB-9875-8ECF443C8924}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CB1232D9-C0C9-46B1-86AC-FE6ED66EBDF8}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CB3CB22A-87CB-4B39-869F-72B12B28C083}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CB7B53DE-EA33-4EAC-8646-0C44B3218BCC}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CC8E8D50-F365-4A45-B0DA-81276C914CD8}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CD055A0A-E599-4E21-A1BA-3D2FE0E3FA15}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CD506680-96B8-43B9-B4A6-3673C17A4EF1}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CDA38501-4AFE-4187-989E-A143130B862B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{CEA9E19F-13CF-4A92-A01D-A826824FC89C}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D0385352-4579-469A-84BC-F6D2B2CDE5E4}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D2F40B05-815B-48F2-BFBB-07C5B868811A}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D3D3B58C-2021-4E3C-93FE-324338D45A88}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D45B3A35-09ED-462F-8D24-414B521F915C}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D46F85E1-00C7-4D27-97BA-2CD09FE4C115}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D534A592-3F92-4D46-B21D-5D22B2CFC1B4}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D5A1D3AB-C79D-4C64-81F3-46CC3D3CC026}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D6190E43-3057-48E3-BAA9-38B0A6AD1EEB}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D62616A5-6EA3-49B2-9DFC-E56C5C99BCE9}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D6699953-C73F-4EE2-8DB9-9B2835DCF0B0}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D8BFB6D3-4928-4E6D-8BE3-35F2037439AA}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{D92EB644-276E-476A-BA9F-59B28237CD37}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{DA37897E-D303-4EBB-9B9A-0C08B1837440}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{DB13E40E-C475-49E8-BCA2-E98BD8CE2C2C}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{DE3BAE6C-CF23-4DEB-A5CD-2B01C7BF9720}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{DE42C3BE-817B-4B52-839F-31EE7338A7F4}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{DED9383D-1101-4A9F-98F4-8B9F25A8408B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{DF8B2A13-ADD3-449F-A89D-8E50014220BD}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E031B7E5-B31C-4A0C-9B21-6BB955AB91CC}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E07D933E-6BA7-4EDB-80A2-B2113F42EA91}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E195EC8F-80C9-4D37-9175-72034257861F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E1F0BAEF-5557-4E41-9C3E-5133C6A00558}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E2241795-674E-46B4-900E-D77BB778E12B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E2775B73-6B6B-4B29-AD9C-1FDC1974533B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E2B4408A-D4A6-4531-8E22-4BE5131164DC}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E2B82FC4-A5EB-4EB1-AC19-467185BC7CDE}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E2D0B1DF-C474-4A5D-BD4D-198E6F472DD0}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E5090F1C-E696-495A-B6C2-1467B5260F49}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E53E944E-FF14-4D15-AD62-B61EF1F938C9}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E6E16830-8EB2-4623-B146-92B9238D3056}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E7DC6B54-C7F8-463F-B47F-4C5EB830064E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E815D77B-4F9E-4410-833F-D366139D778E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{E99304FD-7D81-408A-B2EF-BCBD12F58487}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{EA03A083-073A-4BCB-B252-8694854A9702}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{EC150A4B-ED1F-4C95-B991-B21366A79D79}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{EC3778DD-9C6A-49F7-9E2E-0B208403462D}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{ED5F7AF4-04B8-43B5-92F4-C5BD0BA0EB6B}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{EE5F8F58-8214-424B-9D1F-5666C1279B60}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F01F4EBB-571F-4006-989B-3401D6042204}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F13B4AAE-16D6-4B9E-AFBD-4783DF32851C}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F1493B67-9B34-4ABB-8ADE-5BD03B144E41}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F242B045-98A4-4CB2-ACE3-6FDC16897BA6}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F434126B-EEB5-418A-AA32-7FC0AE122A89}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F4C61323-453B-4D26-97AE-ED6629767E81}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F6CAEF3C-BB98-4386-BCDE-6A0F105C3A2E}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F7F3DCA3-DB96-418C-99C8-715C1A4E8561}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F86645DD-D1F6-4575-B401-5F15D10098C5}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F948B331-43E7-46F6-B85F-2ECB459D34C3}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{F9CBCF84-853C-41AF-B104-D47C4322C054}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{FB400270-DA4A-4D79-8F8A-E9CCEAC03D3F}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{FC5E1FFF-979A-44A0-B932-650371F8A414}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{FDB87A21-8CE8-4324-B81F-2399403FEA97}
Successfully deleted: [Empty Folder] C:\Users\Gerald\appdata\local\{FECCD63F-40C3-43C2-BADE-BF594EB69322}



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\9ookqa5j.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\9ookqa5j.default\searchplugins\sweetim.xml
Successfully deleted the following from C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\9ookqa5j.default\prefs.js

user_pref("browser.search.defaultenginename", "SweetIM Search");
user_pref("browser.search.selectedEngine", "SweetIM Search");
user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}");
user_pref("extensions.BabylonToolbar.bbDpng", 16);
user_pref("extensions.BabylonToolbar.cntry", "DE");
user_pref("extensions.BabylonToolbar.dfltLng", "de");
user_pref("extensions.BabylonToolbar.firstRun", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "091DBB15A8309553D03AD0886141F62D");
user_pref("extensions.BabylonToolbar.lastActv", "16");
user_pref("extensions.BabylonToolbar.lastDP", 16);
user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}&q=");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "www.google.de");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=c8452f08000000000000001e64285659&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={A88782F2-4C26-11E2-95C0-00262D655BDB}");
Emptied folder: C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\9ookqa5j.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.07.2013 at 17:51:40,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ADW Cleaner:
Code:
# AdwCleaner v2.304 - Datei am 08/07/2013 um 17:56:54 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Gerald - GERALD-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gerald\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\PutLockerDownloader
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Users\Gerald\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Gerald\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c8452f08000000000000001e64285659&tlver=1.4.19.19&affID=17159 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Datei : C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\9ookqa5j.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7193 octets] - [08/07/2013 17:56:54]

########## EOF - C:\AdwCleaner[S1].txt - [7253 octets] ##########
         
OTL Log:
Code:
OTL logfile created on: 08.07.2013 18:00:46 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gerald\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,52% Memory free
7,99 Gb Paging File | 6,59 Gb Available in Paging File | 82,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 169,94 Gb Free Space | 59,36% Space Free | Partition Type: NTFS
 
Computer Name: GERALD-PC | User Name: Gerald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gerald\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Gerald\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Gerald\AppData\Roaming\Mikogo 4\M4-Capture.exe ()
PRC - C:\Users\Gerald\AppData\Roaming\Mikogo 4\M4-Service.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\PROGRA~2\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (M4-Service) -- C:\Users\Gerald\AppData\Roaming\Mikogo 4\M4-Service.exe ()
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE362DE360
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-922718223-3276015125-4167937139-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gerald\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gerald\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.08 20:53:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 19:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.16 11:06:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 19:54:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.16 11:06:54 | 000,000,000 | ---D | M]
 
[2010.01.02 21:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerald\AppData\Roaming\mozilla\Extensions
[2013.07.08 17:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerald\AppData\Roaming\mozilla\Firefox\Profiles\9ookqa5j.default\extensions
[2012.11.06 18:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\9ookqa5j.default\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2012.07.22 08:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.15 18:00:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.22 08:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.08 20:53:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.08.20 19:54:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 22:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.28 22:27:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.28 22:27:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.28 22:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.28 22:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.28 22:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gerald\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gerald\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gerald\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.07.05 17:10:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKU\S-1-5-21-922718223-3276015125-4167937139-1000..\Run: [Mikogo] C:\Users\Gerald\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-21-922718223-3276015125-4167937139-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-922718223-3276015125-4167937139-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-922718223-3276015125-4167937139-1003..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-922718223-3276015125-4167937139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-922718223-3276015125-4167937139-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1987E5E6-3E90-417D-B386-66551B52179E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3FEB77-5F62-46F7-A218-E9295E362423}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.08 17:47:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.08 17:46:52 | 000,000,000 | ---D | C] -- C:\JRT
[2013.07.08 17:46:10 | 000,547,139 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Gerald\Desktop\JRT.exe
[2013.07.06 15:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.06 15:17:56 | 000,000,000 | ---D | C] -- C:\Users\Gerald\Desktop\mbar
[2013.07.06 14:56:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.05 15:43:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.05 15:43:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.05 15:43:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.05 15:43:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.05 15:42:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.05 15:41:37 | 005,085,494 | R--- | C] (Swearware) -- C:\Users\Gerald\Desktop\ComboFix.exe
[2013.07.05 12:47:06 | 000,000,000 | ---D | C] -- C:\Users\Gerald\AppData\Roaming\Malwarebytes
[2013.07.05 12:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.05 10:32:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gerald\Desktop\OTL.exe
[2013.06.25 02:33:23 | 000,000,000 | ---D | C] -- C:\Users\Gerald\Documents\Mikogo4
[2013.06.25 01:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.06.15 17:28:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 17:28:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.13 10:48:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.13 10:48:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.13 10:48:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.13 10:48:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.13 10:48:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.13 10:48:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.13 10:48:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.13 10:48:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.13 10:48:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.13 10:48:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.13 10:48:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.13 10:48:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.13 10:48:12 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 17:44:31 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 17:44:31 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 17:44:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 17:44:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 17:44:23 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 17:44:20 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 17:44:20 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 17:44:20 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 17:44:20 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 17:44:20 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 17:44:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 17:44:14 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 17:44:14 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2009.10.29 07:58:47 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.08 18:05:48 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 18:05:48 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 17:58:53 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.08 17:58:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.08 17:58:08 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.08 17:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.08 17:55:47 | 000,650,027 | ---- | M] () -- C:\Users\Gerald\Desktop\adwcleaner.exe
[2013.07.08 17:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.08 17:46:12 | 000,547,139 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Gerald\Desktop\JRT.exe
[2013.07.08 07:17:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-922718223-3276015125-4167937139-1000UA.job
[2013.07.06 17:03:41 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.06 17:03:41 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.06 17:03:41 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.06 17:03:41 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.06 17:03:41 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.06 17:01:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-922718223-3276015125-4167937139-1000Core.job
[2013.07.06 14:58:38 | 000,377,856 | ---- | M] () -- C:\Users\Gerald\Desktop\zurenipp.exe
[2013.07.05 17:10:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.05 16:57:47 | 005,085,494 | R--- | M] (Swearware) -- C:\Users\Gerald\Desktop\ComboFix.exe
[2013.07.05 10:08:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gerald\Desktop\OTL.exe
[2013.06.25 02:33:22 | 000,000,954 | ---- | M] () -- C:\Users\Gerald\Desktop\Mikogo 4.lnk
[2013.06.17 15:31:46 | 000,000,500 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Gerald.job
[2013.06.12 17:56:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 17:56:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.07.08 17:55:46 | 000,650,027 | ---- | C] () -- C:\Users\Gerald\Desktop\adwcleaner.exe
[2013.07.06 14:58:35 | 000,377,856 | ---- | C] () -- C:\Users\Gerald\Desktop\zurenipp.exe
[2013.07.05 15:43:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.05 15:43:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.05 15:43:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.05 15:43:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.05 15:43:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.17 16:48:02 | 000,536,576 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2013.04.17 16:48:02 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2012.12.18 20:33:13 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012.12.18 19:44:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
[2012.12.18 19:44:01 | 000,000,268 | RH-- | C] () -- C:\Users\Gerald\AppData\Roaming\Funk Animals
[2012.12.18 19:44:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.12.18 19:44:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2012.12.18 19:44:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Galaxy Swirl
[2012.12.18 19:44:00 | 000,000,268 | RH-- | C] () -- C:\Users\Gerald\AppData\Roaming\Fruit
[2012.12.18 19:44:00 | 000,000,268 | RH-- | C] () -- C:\Users\Gerald\AppData\Roaming\Frameworks
[2012.12.18 19:44:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.12.18 19:44:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.11.12 01:31:39 | 000,002,731 | ---- | C] () -- C:\Users\Gerald\URPreferences.xml
[2011.11.02 13:09:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.02 13:09:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.12.28 20:47:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         

08.07.2013, 17:18   #12
QTaran
 

Extras Log:
Code:
OTL Extras logfile created on: 08.07.2013 18:00:46 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gerald\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,52% Memory free
7,99 Gb Paging File | 6,59 Gb Available in Paging File | 82,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 169,94 Gb Free Space | 59,36% Space Free | Partition Type: NTFS
 
Computer Name: GERALD-PC | User Name: Gerald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D35891A-DB8B-44FF-91B9-23F2BC73F730}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13C640B0-57D8-4D00-95E1-57E0B11DE3E9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{177CEB9A-621B-42A9-9131-D9347A7F03A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43B8D114-2C64-477A-9C9F-44CFB7AF36CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4EAD0896-2655-4ABC-AB74-F331825D4C7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4F116500-EC3D-49ED-9DC1-E91670A36E77}" = rport=445 | protocol=6 | dir=out | app=system | 
"{52F946C2-87BF-4C0E-8DAD-4213463624B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5D0CE152-DBBA-42BB-839A-0D0C3938F74E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6B7F500F-F303-4D55-9495-14DC386B1558}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6BFCD9A4-23BA-4F3C-B2E9-F10B54CC46E3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6E8BFAFA-5157-4368-810D-A43C951E093A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{754E5D9E-F700-4378-8148-E629FEE19378}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76FBA22C-389E-4148-965B-C363E66C9BF5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7D3B2BC3-10EC-4146-9F9B-9521EFC202A1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F047C39-2A0E-46AF-94E1-0EDCE469000A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7F950FE9-FFEE-4A3E-B300-2A68EF409A3C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8B665F8A-7302-4951-BA36-7970E11561B2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{98ADDD92-BF03-4875-802C-09186B9B201E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A922CBD3-55D6-4187-A215-7491F372311A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A9F5F81B-686C-4963-B8F3-7D7D62C3049B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BBF99F3C-1D55-4DEE-B432-D12B5C5DBBD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C4978097-D8F6-4B97-B2EC-CD5481B2A44D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB3AD1C0-13BE-4AED-A4B8-627DB55D2337}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DA94A5F8-29E8-4011-803C-370670E65216}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E6493500-2991-4E85-A2C5-2C7336E4ECE4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1AB2404-FB48-4DAB-9AED-71DCF0D9C069}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F4EFAF76-81D1-418D-9215-50943D9548F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD846E88-B660-41F9-8152-E6645F922E3B}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0584C4F0-F225-4D4C-9E47-0253EFDA52EA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{13F60C40-1900-464E-ACBA-5DB98993EC8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{151B30E3-0ADD-451F-AAB9-7F713485F34C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{173B42FA-D1DA-4FA0-B9EA-B3D7E38A0271}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1EF4308C-8A11-4741-9365-810006540BDD}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{21794B7D-038C-46C3-ABB2-BA02D7D5331A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{21C102ED-1F38-435D-88D4-508F6877F94B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{243BA4BA-8DA1-4224-9F64-6FB5BF658F87}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{25D57A2A-6200-4FB4-922A-700BD5A8DD9B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2A4B15F4-832D-49A9-B2D1-54D83E94BF0E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2C6274F5-2F7D-4051-AE97-E86D9ED15EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2D5FCAA1-6073-40B4-A79E-9C3333E44E2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{33EB6695-AB43-4BF2-A5F7-68D2752DF09F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4041556F-0AB9-4E3B-9B79-9244A3B6A797}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{4301994B-532D-430F-A98B-B00990AFC54A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4811714C-2FFE-4EB3-A2EC-CF0F1E75F2E7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\starcraft ii.exe | 
"{4C13EB6B-F755-49FF-8738-D130097D6962}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4FCE381C-5B9B-4927-8773-BE7AE0F92109}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{569D6087-5488-4D9F-8D34-DE4A8812AB92}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{60596B1C-99C0-4B10-881E-2861FCE0C8E7}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{625905CE-92B8-41C2-88A4-B8C6952B1725}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7423F695-3679-44D6-8C06-2D8F2D053884}" = protocol=17 | dir=in | app=c:\users\gerald\appdata\local\temp\update_529f.exe | 
"{81ACB056-7C52-49CA-B001-EA1909BDF6CF}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\starcraft ii.exe | 
"{90FA1BB4-E437-4492-87BC-5C99E69DF94A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{922D96E1-E284-4AFC-A833-60848E7BD4E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{94D005A1-CA3B-49FE-8EA2-D293573B13F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{95F406A5-A3A2-4E27-82E0-F8F0353F51B7}" = protocol=6 | dir=in | app=c:\users\gerald\appdata\local\temp\update_529f.exe | 
"{97E626B8-5F35-4E65-9A7B-207A7D8A958C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DFED4FB-6DA8-4B16-9893-E6BD4830F246}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4CD862C-6B3C-4752-A094-91B153E8075C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AC7362CF-25E1-40F0-8F14-CF5388DB7902}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B129CA60-96EC-470C-BF80-28BDD43C6ECA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B5FF586A-AB2A-44D4-B5DC-4C1B96B63885}" = protocol=6 | dir=out | app=system | 
"{B75F7A48-F65E-4A6A-AC50-3988BA381617}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BD36A159-7B23-4B29-8587-2B9A7CE06DA7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{BE5BA4A7-4831-4F5E-AD00-E6BBD64C08E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{BFCAA6E8-CB38-410E-A542-EC75E773C940}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C00C08FB-4282-441C-A2F7-A14A71A98BB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C21C12E2-0E69-4D8D-A38D-0A73EBC21B38}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{CD9A27C3-588C-48C0-B97B-1687B0B0D998}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D44B1660-1054-4F94-B4A6-92F0CC1C08FC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{D5B6F869-424A-4ECA-9B21-A6295E4084C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD632A32-C9A9-4B77-987E-15EEBB39F81E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC7CAF0A-B23F-4275-B28D-D8AB0473DBC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0D2A22A-3E90-4D8F-A844-3D3EA699AE3F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{F686A03E-0243-43B3-97F8-980C4AF43027}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F7D2772F-0B81-426F-8578-141D6C46D434}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{FDD62E5E-8408-490E-929F-8694264C328F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{215A716E-E52D-4362-ABC8-0D1EF4872179}C:\anno 1602\anno1602\1602.exe" = protocol=6 | dir=in | app=c:\anno 1602\anno1602\1602.exe | 
"TCP Query User{21D0E5E0-0283-42BE-9A93-1F99DBF40F2A}C:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe | 
"TCP Query User{3C736B69-1CD1-4EE3-8E0E-B86360860866}C:\users\gerald\appdata\roaming\yfrav\byuqu.exe" = protocol=6 | dir=in | app=c:\users\gerald\appdata\roaming\yfrav\byuqu.exe | 
"TCP Query User{4D8537E1-21FE-45C1-8F20-F710C06B2C37}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"TCP Query User{5C03B43F-B373-4089-AE0B-271C6255A941}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"TCP Query User{656DD622-1BD2-40A6-BFE4-1FC01C13EA36}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{7E786177-E352-42EC-9666-EEE001B2B3EB}C:\program files (x86)\starcraft ii-2\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\support\blizzarddownloader.exe | 
"TCP Query User{82609144-2A58-4E80-B341-9504592DA97F}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{84B93F9C-AE5C-4C03-97E9-561CCE744699}C:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe | 
"TCP Query User{91B5299A-F349-4325-B993-46752FA5F8BE}C:\program files (x86)\starcraft ii-2\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16561\sc2.exe | 
"TCP Query User{9367AE1C-5894-409C-90C3-52BA71C88626}C:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe | 
"TCP Query User{BD830A23-1F33-4942-AE95-E830DD0A1FA6}C:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe | 
"TCP Query User{DAB0629B-C2EE-4E7B-A1E9-39C3300446D6}C:\users\gerald\appdata\roaming\yfrav\byuqu.exe" = protocol=6 | dir=in | app=c:\users\gerald\appdata\roaming\yfrav\byuqu.exe | 
"TCP Query User{F1E09FAF-6202-4BD0-88C8-7A3673AFE07E}C:\program files (x86)\starcraft ii-2\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16755\sc2.exe | 
"UDP Query User{0CB8F917-86D5-476F-9A3A-1FF9411CAC43}C:\users\gerald\appdata\roaming\yfrav\byuqu.exe" = protocol=17 | dir=in | app=c:\users\gerald\appdata\roaming\yfrav\byuqu.exe | 
"UDP Query User{1D00E905-1BBD-47E1-AC1D-A459A0CA4DEE}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"UDP Query User{219367DA-DB76-49B9-9AAA-30FDB1DCFFD1}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"UDP Query User{3CB27E29-10A4-479D-8F76-CA1766B23404}C:\anno 1602\anno1602\1602.exe" = protocol=17 | dir=in | app=c:\anno 1602\anno1602\1602.exe | 
"UDP Query User{520AE51D-9446-4C5D-918A-12CCBEED4390}C:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe | 
"UDP Query User{65DEC4DF-1EED-4A55-9C70-E3478B162292}C:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16605\sc2.exe | 
"UDP Query User{7056FDEE-4673-4A2E-A030-976B7834633A}C:\program files (x86)\starcraft ii-2\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\support\blizzarddownloader.exe | 
"UDP Query User{76822C03-ECE0-46C5-AF03-039D9AA82691}C:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe | 
"UDP Query User{81EC3033-8D77-4D8D-9456-4D2185FF078C}C:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base15405\sc2.exe | 
"UDP Query User{9B925439-5824-4DB6-8758-77404435B1CE}C:\users\gerald\appdata\roaming\yfrav\byuqu.exe" = protocol=17 | dir=in | app=c:\users\gerald\appdata\roaming\yfrav\byuqu.exe | 
"UDP Query User{BC1210EE-9772-4E7A-9B1B-3BB892E9656D}C:\program files (x86)\starcraft ii-2\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16561\sc2.exe | 
"UDP Query User{CFA526B0-06B8-4D59-80CA-9CC2257A18E1}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{F27DB53B-DBA5-466D-8ACA-2109755B1CED}C:\program files (x86)\starcraft ii-2\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii-2\versions\base16755\sc2.exe | 
"UDP Query User{FDEE2EC4-8846-433A-A6D1-68DF69688D1B}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFC1D09-D788-8BE1-445D-3B2992600876}" = Winamax Poker
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"888poker" = 888poker
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"bwin Poker_is1" = bwin Poker
"DivX Setup" = DivX-Setup
"DSMT6" = MathType 6
"ETS TOEFL Guide" = ETS TOEFL Guide 2.02.0012
"GridVista" = Acer GridVista
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HoldemManager" = Holdem Manager
"hon" = Heroes of Newerth
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! Live" = Messenger Plus! Live
"Mikogo" = Mikogo
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenVPN" = OpenVPN 2.2.1
"Origin" = Origin
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"StarCraft II" = StarCraft II
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VirtualCloneDrive" = VirtualCloneDrive
"wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1" = Winamax Poker
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-922718223-3276015125-4167937139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"JoinMe" = join.me
"Mikogo 4" = Mikogo 4
"UB" = UB
 
< End of report >
         

Alt 09.07.2013, 22:38   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); in that case please let me know as well)

Note: Before you start, please remember to update Malwarebytes Anti-Malware using the update button!

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

Alt 11.07.2013, 10:13   #14
QTaran
 

Malwarebytes: (Quick Scan)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.11.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Gerald :: GERALD-PC [Administrator]

11.07.2013 08:38:11
mbam-log-2013-07-11 (08-38-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245389
Laufzeit: 9 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=50bbf3e385f2574284ab437055a87edd
# engine=14346
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-11 09:02:43
# local_time=2013-07-11 11:02:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 9440 144204668 50895 0
# compatibility_mode=5893 16776574 100 94 9212892 125163213 0 0
# scanned=228763
# found=2
# cleaned=0
# scan_time=7630
sh=6CECE70855B43568AB800D7EC7C32B04EBE6FB35 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gerald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5d117c38-1efa84cb"
sh=DF749155E86BD5966D36738F29B71B1BDA5AFE37 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gerald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\73d033f9-23fc72e6"
         

11.07.2013, 17:23   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Those are just leftovers in the Java cache. Please simply empty all temp folders with TFC:

TFC - Temp File Cleaner

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.
__________________
Please always post log files in CODE tags
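
The check made in the reply above (both ESET hits lie in the Java deployment cache and were not cleaned), as an added example that is not part of the original posts: a Python parser for the ESET Online Scanner log format shown in post #14. The function names, the result fields and the Java-cache path test are assumptions made for this illustration.

```python
import re
from ntpath import normpath  # Windows path rules, also when run on Linux/macOS

# Excerpt of the ESET Online Scanner log from post #14 (header shortened).
SAMPLE_LOG = r'''# end=finished
# scanned=228763
# found=2
# cleaned=0
sh=6CECE70855B43568AB800D7EC7C32B04EBE6FB35 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gerald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5d117c38-1efa84cb"
sh=DF749155E86BD5966D36738F29B71B1BDA5AFE37 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gerald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\73d033f9-23fc72e6"
'''

# key=value tokens: the value is either "quoted" or a run of non-space characters.
TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption for this example: the per-user Java deployment cache seen in the log.
JAVA_CACHE = r"\appdata\locallow\sun\java\deployment\cache" + "\\"


def parse_eset_log(text):
    """Split the log into '# key=value' header fields and detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value.strip('"')  # a repeated key keeps its last value
        elif line.startswith("sh="):
            detections.append({m.group(1): m.group(2) if m.group(2) is not None
                               else m.group(3) for m in TOKEN.finditer(line)})
    return header, detections


def triage(text):
    """Summarise open detections and whether all of them sit in the Java cache."""
    header, detections = parse_eset_log(text)
    rows = [{"sh": d.get("sh"), "threat": d.get("vn"),
             "path": normpath(d.get("fn", "")),
             "java_cache": JAVA_CACHE in normpath(d.get("fn", "")).lower()}
            for d in detections]
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    return {"found": found, "uncleaned": found - cleaned,
            "complete": found == len(rows),  # header count matches parsed records
            "only_java_cache": bool(rows) and all(r["java_cache"] for r in rows),
            "rows": rows}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A result with `only_java_cache` true and `uncleaned` above zero matches the situation in this thread: cached files that the scanner flagged but did not remove.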
