Pests of all kinds and how to fight them: How do I remove the Win32.Downloader.gen trojan
Windows 7
30.07.2013, 13:01 | #16 |
/// the machine /// TB trainer
Where does Spybot detect it?

Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.
Code:
C:\Windows\SysWOW64\rundll32.exe
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
2013-07-28 08:04 - 2013-07-28 08:47 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
Task: {9485626A-3604-4CC6-BE7D-02C829CF2A15} - System32\Tasks\EPUpdater => C:\Users\CK\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Regards, schrauber
30.07.2013, 13:19 | #17 |
Hello,
I saved the Fixlist on the desktop. However, I could not find it there. But maybe that is normal? The Fixlog from FRST looks as follows:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013 04
Ran by CK at 2013-07-30 14:07:34 Run:1
Running from C:\Users\CK\Desktop
Boot Mode: Normal
==============================================

Could not move "C:\Windows\SysWOW64\rundll32.exe" => Scheduled to move on reboot.
IntcAzAudAddService => Service deleted successfully.
C:\Windows\System32\Tasks\BrowserDefendert => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9485626A-3604-4CC6-BE7D-02C829CF2A15} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9485626A-3604-4CC6-BE7D-02C829CF2A15} => Key not found.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key not found.

=========== Result of Scheduled Files to move ===========

C:\Windows\SysWOW64\rundll32.exe => File moved successfully.

==== End of Fixlog ====

Regarding your question ("Where does Spybot detect it?"): Unfortunately, I cannot copy the location of the finding in Spybot. So I am typing it out (there is surely an easier way, but I don't know how...):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\AboutURLs\bProtectTabs
After I shut the computer down and started it up again just now, however, I noticed that the error message no longer appears. The toolbar is still detected by Spybot nonetheless.
Edited by Troink (30.07.2013 at 13:32)
30.07.2013, 14:09 | #18 |
/// the machine /// TB trainer
Copy the text in the code box into your editor (e.g. Notepad) and save it under the name regfix.reg (for the file type, please select "All files").
Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\AboutURLs\bProtectTabs]
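Added example, not part of the original thread: a Python preview of what a .reg file such as the regfix.reg above will do when merged, separating whole-key deletions ([-Key]) from single-value deletions ("name"=-) and ordinary writes, so the file can be reviewed before it is double-clicked. The ExampleVendor entries in the sample and all function names are constructed for illustration.

```python
import re

# Sample input. The first key line is the regfix.reg content from the post
# above; the ExampleVendor block is constructed for illustration only.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\AboutURLs\bProtectTabs]

; constructed entries below
[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]
"StaleEntry"=-
"HomePage"="about:blank"
"Flags"=dword:00000001
"Blob"=hex:01,02,\
  03,04
@="default text"
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                      # [Key] or [-Key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data


def logical_lines(text):
    """Yield non-empty, non-comment lines with backslash continuations joined."""
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]  # hex values continue on the next line
            continue
        yield line
    if pending:
        yield pending


def unescape(name):
    """Undo the \\\\ and \\" escapes used inside quoted value names."""
    return re.sub(r'\\(.)', r'\1', name)


def preview_reg(text):
    """Return (action, key, value_name, data) tuples in file order."""
    lines = list(logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, current_key, key_deleted = [], None, False
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            key_deleted = m.group(1) == "-"
            current_key = m.group(2)
            action = "DELETE_KEY" if key_deleted else "OPEN_KEY"
            ops.append((action, current_key, None, None))
            continue
        m = VALUE_RE.match(line)
        # Value lines with no open key, or under a deleted key, are reported
        # as-is rather than guessed at.
        if not m or current_key is None or key_deleted:
            ops.append(("UNPARSED", current_key, None, line))
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = m.group(2)
        if data == "-":
            ops.append(("DELETE_VALUE", current_key, name, None))
        else:
            ops.append(("SET_VALUE", current_key, name, data))
    return ops


def destructive_ops(ops):
    """Only the operations that remove something from the registry."""
    return [op for op in ops if op[0] in ("DELETE_KEY", "DELETE_VALUE")]


def describe(op):
    """One human-readable line per operation."""
    action, key, name, data = op
    if action == "DELETE_KEY":
        return f"DELETE KEY (with all subkeys and values): {key}"
    if action == "DELETE_VALUE":
        return f"DELETE VALUE {name!r} under {key}"
    if action == "SET_VALUE":
        return f"SET VALUE {name!r} = {data} under {key}"
    if action == "OPEN_KEY":
        return f"CREATE/OPEN KEY: {key}"
    return f"UNPARSED LINE: {data}"


if __name__ == "__main__":
    for op in preview_reg(SAMPLE_REG):
        print(describe(op))
```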
30.07.2013, 14:28 | #19 |
Hello, I saved Regfix.reg on the desktop and started it with a double-click. After a warning, the confirmation came that everything had worked. I then ran Spybot again, and unfortunately the Delta Toolbar was found again. Again at the same location as described above. I'm sending an FRST log (I'm getting quite good at that by now...):
FRST Logfile:
--- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2013 04 Ran by CK at 2013-07-30 15:26:23 Running from C:\Users\CK\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) (x32) 64 Bit HP CIO Components Installer (Version: 7.2.8) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Acer Arcade Deluxe (x32 Version: 4.0.7615) Acer Arcade Movie (x32 Version: 9.0.6423) Acer Backup Manager (x32 Version: 2.0.0.63) Acer Crystal Eye webcam (x32 Version: 1.0.3.5) Acer eRecovery Management (x32 Version: 4.05.3013) Acer PowerSmart Manager (x32 Version: 5.02.3004) Acer ScreenSaver (x32 Version: 1.1.0222.2010) Acer Updater (x32 Version: 1.02.3001) Acer VCM (x32 Version: 4.05.3002) Acrobat.com (x32 Version: 1.6.65) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Age of Empires III (x32 Version: 1.00.0000) Airport Mania First Flight (x32) Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001) Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17) Amazonia (x32) Apple Application Support (x32 Version: 1.4.1) Apple Mobile Device Support (Version: 3.3.0.69) Apple Software Update (x32 Version: 2.1.2.120) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.23) ATI Catalyst Install Manager (Version: 3.0.765.0) Avira Free Antivirus (x32 Version: 12.1.9.2400) Backup Manager Basic (x32 Version: 2.0.0.63) Bonjour (Version: 2.0.4.0) Cake Mania (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2010.0421.657.10561) Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0421.657.10561) Catalyst Control Center Graphics Full New (x32 Version: 2010.0421.657.10561) Catalyst Control Center Graphics Light (x32 Version: 2010.0421.657.10561) Catalyst 
Control Center Graphics Previews Vista (x32 Version: 2010.0421.657.10561) Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561) Catalyst Control Center Localization All (x32 Version: 2010.0421.657.10561) CCC Help Chinese Standard (x32 Version: 2010.0421.0656.10561) CCC Help Chinese Traditional (x32 Version: 2010.0421.0656.10561) CCC Help Czech (x32 Version: 2010.0421.0656.10561) CCC Help Danish (x32 Version: 2010.0421.0656.10561) CCC Help Dutch (x32 Version: 2010.0421.0656.10561) CCC Help English (x32 Version: 2010.0421.0656.10561) CCC Help Finnish (x32 Version: 2010.0421.0656.10561) CCC Help French (x32 Version: 2010.0421.0656.10561) CCC Help German (x32 Version: 2010.0421.0656.10561) CCC Help Greek (x32 Version: 2010.0421.0656.10561) CCC Help Hungarian (x32 Version: 2010.0421.0656.10561) CCC Help Italian (x32 Version: 2010.0421.0656.10561) CCC Help Japanese (x32 Version: 2010.0421.0656.10561) CCC Help Korean (x32 Version: 2010.0421.0656.10561) CCC Help Norwegian (x32 Version: 2010.0421.0656.10561) CCC Help Polish (x32 Version: 2010.0421.0656.10561) CCC Help Portuguese (x32 Version: 2010.0421.0656.10561) CCC Help Russian (x32 Version: 2010.0421.0656.10561) CCC Help Spanish (x32 Version: 2010.0421.0656.10561) CCC Help Swedish (x32 Version: 2010.0421.0656.10561) CCC Help Thai (x32 Version: 2010.0421.0656.10561) CCC Help Turkish (x32 Version: 2010.0421.0656.10561) ccc-core-static (x32 Version: 2010.0421.657.10561) ccc-utility64 (Version: 2010.0421.657.10561) CDBurnerXP (Version: 4.3.8.2474) CDBurnerXP (x32 Version: 4.4.0.2838) dows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2) Dream Day First Home (x32) EPSON BX620FWD Series Printer Uninstall EPSON Scan (x32) EpsonNet Print (x32 Version: 2.4j) EpsonNet Setup 3.3 (x32 Version: 3.3b) ESET Online Scanner v3 (x32) eSobi v2 (x32 Version: 2.0.4.000274) Farm Frenzy 2 (x32) Free Studio version 5.7.4.918 (x32 Version: 5.7.4.918) Galapago 
(x32) Garmin Training Center (x32 Version: 3.6.5) Garmin USB Drivers (x32 Version: 2.3.0.0) Google Earth (x32 Version: 7.1.1.1888) Google Update Helper (x32 Version: 1.3.21.153) Heroes of Hellas (x32) HPDiagnosticAlert (x32 Version: 1.00.0000) Identity Card (x32 Version: 1.00.3003) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002) iTunes (Version: 10.1.1.4) Junk Mail filter update (x32 Version: 14.0.8089.726) Launch Manager (x32 Version: 4.0.7) MediaShow Espresso (x32 Version: 5.5.1403_23691) Merriam Websters Spell Jam (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 
12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyWinLocker (x32 Version: 3.1.212.0) MyWinLocker Suite (x32 Version: 3.1.212.0) No23 Recorder (x32 Version: 2.1.0.3) NTI Backup Now 5 (x32 Version: 5.1.2.630) NTI Backup Now Standard (x32 Version: 5.1.2.630) NTI Media Maker 8 (x32 Version: 8.0.12.6636) Optical Drive Power Management (x32 Version: 1.01.3007) Pointofix (x32) Poker Pop (x32) ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14) PX Profile Update (x32 Version: 1.00.1.) 
QuickTime (x32 Version: 7.69.80.9) Shredder (Version: 2.0.8.3) Shredder (x32 Version: 2.0.8.3) Spin & Win (x32) Spybot - Search & Destroy (x32 Version: 1.6.2) Synaptics Pointing Device Driver (Version: 14.0.6.0) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32) Update for Zip Opener (HKCU) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) VLC media player 1.1.5 (x32 Version: 1.1.5) Welcome Center (x32 Version: 1.02.3002) WIDCOMM Bluetooth Software (Version: 6.3.0.4300) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 
Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) ZoneAlarm Free (x32 Version: 10.1.065.000) ==================== Restore Points ========================= 13-07-2013 16:36:27 Windows Update 22-07-2013 10:13:09 Geplanter Prüfpunkt 28-07-2013 06:39:16 ComboFix created restore point 29-07-2013 18:28:24 DirectX wurde installiert 29-07-2013 18:30:19 Installiert Sid Meier's Civilization IV Colonization 29-07-2013 19:38:13 Removed Doom 3 29-07-2013 20:23:19 DirectX wurde installiert 29-07-2013 20:24:43 Installiert Sid Meier's Civilization 4 Complete 30-07-2013 09:54:07 Installiert Age of Empires III 30-07-2013 11:13:01 Windows Update 30-07-2013 11:51:10 Windows Update 30-07-2013 12:38:33 Entfernt Age of Empires III 30-07-2013 12:49:39 Installiert Age of Empires III ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-07-28 08:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {08A4A439-1854-4381-AEF9-C5F0D9237A4B} - \BrowserDefendert No Task File Task: {184F287B-5BAF-4B93-A3C9-247BBB692F02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.) 
Task: {18A5B7F0-440A-4E7D-A103-73D1E30B3CAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-29] (Adobe Systems Incorporated) Task: {7135F53D-64D0-4167-BD36-BD7369CF4B5C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {9485626A-3604-4CC6-BE7D-02C829CF2A15} - \EPUpdater No Task File Task: {B475A789-C8C4-47A9-84FA-367309498DC1} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2009-07-14] (Microsoft Corporation) Task: {CAABDE9C-4FC1-4578-9F49-C3AAD2A012DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: High Definition Audio-Controller Description: High Definition Audio-Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/30/2013 02:46:03 PM) (Source: MsiInstaller) (User: CK-PC) Description: Produkt: Age of Empires III -- Diese Installation kann nicht durch direktes Laden des MSI-Pakets ausgeführt werden. Sie müssen Setup.exe ausführen. 
Error: (07/30/2013 00:38:16 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ins5F6E.tmp, Version: 3.0.0.0, Zeitstempel: 0x40daa4fa Name des fehlerhaften Moduls: ins5F6E.tmp, Version: 3.0.0.0, Zeitstempel: 0x40daa4fa Ausnahmecode: 0xc0000005 Fehleroffset: 0x00058b9c ID des fehlerhaften Prozesses: 0x1220 Startzeit der fehlerhaften Anwendung: 0xins5F6E.tmp0 Pfad der fehlerhaften Anwendung: ins5F6E.tmp1 Pfad des fehlerhaften Moduls: ins5F6E.tmp2 Berichtskennung: ins5F6E.tmp3 Error: (07/30/2013 00:37:51 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: age3.exe, Version: 4.107.803.3365, Zeitstempel: 0x46b74385 Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000005 ID des fehlerhaften Prozesses: 0xf6c Startzeit der fehlerhaften Anwendung: 0xage3.exe0 Pfad der fehlerhaften Anwendung: age3.exe1 Pfad des fehlerhaften Moduls: age3.exe2 Berichtskennung: age3.exe3 Error: (07/30/2013 00:25:10 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (07/30/2013 11:53:38 AM) (Source: MsiInstaller) (User: CK-PC) Description: Produkt: Age of Empires III -- Diese Installation kann nicht durch direktes Laden des MSI-Pakets ausgeführt werden. Sie müssen Setup.exe ausführen. Error: (07/30/2013 08:39:25 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (07/30/2013 08:39:19 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error: (07/30/2013 08:39:19 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. 
Error: (07/29/2013 10:00:24 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00173668 ID des fehlerhaften Prozesses: 0x1078 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 System errors: ============= Error: (07/30/2013 11:50:11 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/29/2013 09:38:04 PM) (Source: DCOM) (User: ) Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding740{B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} Microsoft Office Sessions: ========================= Error: (04/24/2012 11:08:56 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/05/2011 06:15:35 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6671 seconds with 3840 seconds of active time. This session ended with a crash. Error: (10/16/2011 00:12:56 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 76 seconds with 60 seconds of active time. This session ended with a crash. 
CodeIntegrity Errors: =================================== Date: 2013-07-28 08:46:17.112 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-28 08:46:17.002 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-20 17:38:16.030 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-11-20 17:21:57.809 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-11-20 17:14:05.562 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2011-11-20 15:20:17.137 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-11-20 15:15:11.639 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-11-20 15:05:07.943 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-11-20 14:49:32.049 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-11-20 13:39:06.489 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 3766.69 MB Available physical RAM: 2291.04 MB Total Pagefile: 7531.51 MB Available Pagefile: 5845.93 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:227.39 GB) (Free:171.82 GB) NTFS (Disk=0 Partition=3) Drive e: (MeineDateien) (Fixed) (Total:225.27 GB) (Free:191.66 GB) NTFS (Disk=0 Partition=4) Drive f: (AOE III DISC 1) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 11A2AAD5) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=227 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=225 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
30.07.2013, 17:09 | #20 |
/// the machine /// TB trainer | How do I remove the Win32.Downloader.gen trojan Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\CK\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [x] <===== ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
C:\Users\CK\AppData\Roaming\BabSolution

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please run the regfix again: right-click it and run it as admin. Then please post a log from Spybot.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.07.2013, 17:45 | #21 |
| How do I remove the Win32.Downloader.gen trojan Hello Schrauber, sorry, I really am sorry that I am taking up so much of your time with this stupid toolbar, even though this was actually about the trojan... Anyway, I created the fixlist and then ran FRST. The result follows. I should mention, though, that when I click Fix, FRST takes less than a second to run. Is that normal? Everything else always takes longer...: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013 04
Ran by CK at 2013-07-30 18:42:32 Run:3
Running from C:\Users\CK\Desktop
Boot Mode: Normal
==============================================
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NTRedirect => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value not found.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
"C:\Users\CK\AppData\Roaming\BabSolution" => File/Directory not found.
==== End of Fixlog ====

I have now run Spybot for what feels like the 10,000th time, and unfortunately the toolbar is still being detected. The Spybot log follows (I hope it is the right one. It took a while until I found it...): Code:
ATTFilter --- Search result list --- Delta.Toolbar: [SBI $D54913A1] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\bProtectTabs |
31.07.2013, 08:11 | #22 |
/// the machine /// TB-Ausbilder | How do I remove the Win32.Downloader.gen trojan Hi, download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop. SystemLook (64 bit)
__________________ Regards, schrauber |
31.07.2013, 08:30 | #23 |
| How do I remove the Win32.Downloader.gen trojan Good morning Schrauber, everything worked and it only took about 5 minutes. The editor opened with the following log: Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 09:25 on 31/07/2013 by CK Administrator - Elevation successful ========== filefind ========== Searching for "*bProtect*" No files found. Searching for "*delta*"
[17:01 27/07/2013] [17:01 27/07/2013] B9DF5631323CDA36BE8A24D034149769 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar12.zip --a---- 793 bytes [17:01 27/07/2013] [17:01 27/07/2013] D2882E6A2C5E97CF62C87B216AAE14CE C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar13.zip --a---- 758 bytes [17:01 27/07/2013] [17:01 27/07/2013] 475F936F5C591CBE1A0D3EA39B74EF2C C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar14.zip --a---- 717 bytes [17:01 27/07/2013] [17:01 27/07/2013] 6FDA13082DBE5E0795165AC316090E84 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar15.zip --a---- 682 bytes [17:01 27/07/2013] [17:01 27/07/2013] 158ACC9AAB654417D0D06EF387A64DE1 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar16.zip --a---- 671 bytes [17:01 27/07/2013] [17:01 27/07/2013] 507E0F797EFFCC2DCC148CA092E68AB2 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar17.zip --a---- 671 bytes [17:01 27/07/2013] [17:01 27/07/2013] 2665281C7464B4310DE604C6EE870DEC C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar18.zip --a---- 653 bytes [17:01 27/07/2013] [17:01 27/07/2013] 3DAF01FC59BBFD514FD2FA7961F5B5A6 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar19.zip --a---- 1606 bytes [17:01 27/07/2013] [17:01 27/07/2013] F2B353F572366FA4758980F2D57E1703 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar2.zip --a---- 500 bytes [17:01 27/07/2013] [17:01 27/07/2013] BD66670BBB8926F89028C9D10675442F C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar20.zip --a---- 1775 bytes [17:01 27/07/2013] [17:01 27/07/2013] 4F6C32B0ADCFFA86495DC990460B071F C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar21.zip --a---- 5551 bytes [17:01 27/07/2013] [17:01 27/07/2013] 11D399C68799F56AA7429D46AD3BF664 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar22.zip --a---- 3838 bytes [17:01 27/07/2013] [17:01 27/07/2013] 
8CB732C444A630AC4AD74145C22BE30F C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar23.zip --a---- 2828220 bytes [17:01 27/07/2013] [17:01 27/07/2013] B7F4551486D7C9BF47E437C569E47344 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar24.zip --a---- 1091778 bytes [17:01 27/07/2013] [17:01 27/07/2013] 28D8A07E4524ED06D5C7591F70FEC6E6 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar25.zip --a---- 6162 bytes [17:01 27/07/2013] [17:01 27/07/2013] FFE335545F598E024D48EF1E47736CBF C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar26.zip --a---- 2411 bytes [17:01 27/07/2013] [17:01 27/07/2013] C913AE423052607365ECB86D48B23B5D C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar27.zip --a---- 31124 bytes [17:01 27/07/2013] [17:01 27/07/2013] 776DB0F8EB0FF9E4FFDDF23816E9B419 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar28.zip --a---- 2828213 bytes [17:01 27/07/2013] [17:01 27/07/2013] 0CF9DDC74EDDEB7E256F017639B139F4 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar29.zip --a---- 1781 bytes [17:01 27/07/2013] [17:01 27/07/2013] 723FFE158A4AB954A128CBB6BC3E9F1C C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar3.zip --a---- 580 bytes [17:01 27/07/2013] [17:01 27/07/2013] 4E51A07C122DCCD9A31C67A09EEE13F2 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar30.zip --a---- 1594 bytes [17:01 27/07/2013] [17:01 27/07/2013] 92F534FC961B10892FC9EEFED6513038 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar31.zip --a---- 865 bytes [17:01 27/07/2013] [17:01 27/07/2013] FBAEC6648AE09C16EE88811B01DB1792 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar32.zip --a---- 1039 bytes [17:01 27/07/2013] [17:01 27/07/2013] DFC533B3F4436E6A3F3C17371B5740D8 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar33.zip --a---- 591 bytes [17:01 27/07/2013] [17:01 27/07/2013] 518670D00706BB320583B5612AD5ECE2 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar34.zip --a---- 628 bytes [17:01 27/07/2013] [17:01 27/07/2013] 303BEA5961AB52C2397905A5A627903E C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar35.zip --a---- 578 bytes [17:01 27/07/2013] [17:01 27/07/2013] D4B6D63451ECF09723ECDD97AE049914 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar36.zip --a---- 6791919 bytes [17:01 27/07/2013] [17:01 27/07/2013] 4219ECEFABA557459B8C7ED63F0B0989 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar37.zip --a---- 1352 bytes [17:01 27/07/2013] [17:01 27/07/2013] 8CFA8B14474CCA09971E04C52AE715FB C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar38.zip --a---- 564 bytes [17:01 27/07/2013] [17:01 27/07/2013] 13355392D91D8A8ECB2CB17498FEA224 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar39.zip --a---- 147248 bytes [17:01 27/07/2013] [17:01 27/07/2013] CAEBA08FC93F6DB1B658CFFE1C9D7610 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar4.zip --a---- 934 bytes [17:01 27/07/2013] [17:01 27/07/2013] 4AEB1419ECA6D514E8DFEA750B878279 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar40.zip --a---- 611 bytes [17:01 27/07/2013] [17:01 27/07/2013] 5C152E5F906557E002DC6473A9D58DC9 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar41.zip --a---- 538 bytes [17:01 27/07/2013] [17:01 27/07/2013] 3D8324CBBE494B7AD622D0643A020753 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar42.zip --a---- 542 bytes [17:01 27/07/2013] [17:01 27/07/2013] 701428CCDF6C3EE327B5AB121C536AA5 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar43.zip --a---- 634 bytes [17:01 27/07/2013] [17:01 27/07/2013] 130647D411A239409878EC9E22BCAF30 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar44.zip --a---- 614 bytes [17:01 27/07/2013] [17:01 27/07/2013] 64459A137EAD1A49EE35FEBE49E2DAC0 C:\Users\All Users\Spybot - Search & 
Destroy\Recovery\DeltaToolbar45.zip --a---- 609 bytes [17:01 27/07/2013] [17:01 27/07/2013] D66B49CA2833B6330B7E6D666CA1C589 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar46.zip --a---- 146457 bytes [17:01 27/07/2013] [17:01 27/07/2013] E43374CB29E95705B7C9F7C4906DDBC5 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar47.zip --a---- 614 bytes [17:01 27/07/2013] [17:01 27/07/2013] DA645BF91326D6E52E57E13792B154D5 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar48.zip --a---- 539 bytes [17:01 27/07/2013] [17:01 27/07/2013] 5A0EA3F36E7886DA00EA5B728C60CD43 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar49.zip --a---- 543 bytes [17:01 27/07/2013] [17:01 27/07/2013] F35C574DD0BD5912E6BAE1BBEEF660C0 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar5.zip --a---- 636 bytes [17:01 27/07/2013] [17:01 27/07/2013] 915AAB649D52D3E758E7E696023C23F3 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar50.zip --a---- 637 bytes [17:01 27/07/2013] [17:01 27/07/2013] 35E1B3F71EDAE94569A77424223981C4 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar51.zip --a---- 693 bytes [17:01 27/07/2013] [17:01 27/07/2013] 6623B57C90969626D45F241C76B76FB5 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar52.zip --a---- 615 bytes [17:01 27/07/2013] [17:01 27/07/2013] FD9B335154221E90C278E45064FC23B3 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar53.zip --a---- 607 bytes [17:01 27/07/2013] [17:01 27/07/2013] E72F27D6C7F48FBF7977DD5BF680B33C C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar54.zip --a---- 142333 bytes [17:01 27/07/2013] [17:01 27/07/2013] 385E5F3DED16FF76065B30BF743AD604 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar55.zip --a---- 609 bytes [17:01 27/07/2013] [17:01 27/07/2013] C938FE8A4BF5BD51F4EE5D798E6C0A04 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar56.zip --a---- 540 
bytes [17:01 27/07/2013] [17:01 27/07/2013] 9D5943F3B034D4FD7906E7F619DE2FAC C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar57.zip --a---- 544 bytes [17:01 27/07/2013] [17:01 27/07/2013] 0EDC94A2D0E943661570B5E7D4ECDA24 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar58.zip --a---- 633 bytes [17:01 27/07/2013] [17:01 27/07/2013] 1B2942DEA1949A0A79D2E4C24E6996BE C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar59.zip --a---- 617 bytes [17:01 27/07/2013] [17:01 27/07/2013] DD27418F51EBDF44BB801DD052F9E9AE C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar6.zip --a---- 613 bytes [17:01 27/07/2013] [17:01 27/07/2013] DAC4EC40432DDB9664BF27C06A254694 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar60.zip --a---- 611 bytes [17:01 27/07/2013] [17:01 27/07/2013] 58BBFF1A6D085E49C0B5AB2E939B5E87 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar61.zip --a---- 551 bytes [17:01 27/07/2013] [17:01 27/07/2013] 0DCCD18D6B229632B850B7A483ED8F0B C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar62.zip --a---- 617 bytes [17:01 27/07/2013] [17:01 27/07/2013] FD2642EA6E87EB17C77291C0192FEFBF C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar63.zip --a---- 625 bytes [17:01 27/07/2013] [17:01 27/07/2013] DBF800E1AC9D87B65598AFC56AC035AC C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar64.zip --a---- 269235 bytes [17:01 27/07/2013] [17:01 27/07/2013] 2A2C5EE131F3BBD0206B52655E704B52 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar65.zip --a---- 611 bytes [17:01 27/07/2013] [17:01 27/07/2013] 8470C85FBA10786C9672ECF8E03575F9 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar66.zip --a---- 544 bytes [17:01 27/07/2013] [17:01 27/07/2013] 42BEDE05BF469CD2AA70F68C11103E36 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar67.zip --a---- 547 bytes [17:01 27/07/2013] [17:01 27/07/2013] 
BB924335BB35FEA616C371CB0A32A675 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar68.zip --a---- 636 bytes [17:01 27/07/2013] [17:01 27/07/2013] 6130682696072141752CD03B5735D079 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar69.zip --a---- 616 bytes [17:01 27/07/2013] [17:01 27/07/2013] 9474721088B6E13A889001500128FE5A C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar7.zip --a---- 608 bytes [17:01 27/07/2013] [17:01 27/07/2013] 8F10C51DD5057A448FFA4CB54007B7F6 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar70.zip --a---- 612 bytes [17:01 27/07/2013] [17:01 27/07/2013] 77F4231756643AC6EAD3723311532417 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar71.zip --a---- 550 bytes [17:01 27/07/2013] [17:01 27/07/2013] BF1D70A521DD4FD28335F316FE147322 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar72.zip --a---- 618 bytes [17:01 27/07/2013] [17:01 27/07/2013] 14249E108FE517BEC808B2D04F06E0DC C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar73.zip --a---- 1656676 bytes [17:01 27/07/2013] [17:01 27/07/2013] FF9B3E57F989F65403095D786B711189 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar74.zip --a---- 599 bytes [15:38 29/07/2013] [15:38 29/07/2013] FC7AFF635828BB8216459F2F5479FC9C C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar77.zip --a---- 561 bytes [17:01 27/07/2013] [17:01 27/07/2013] AB8C0C6C8FF5EE8E92673A0260522672 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar78.zip --a---- 183001 bytes [17:01 27/07/2013] [17:01 27/07/2013] 204B384140B4F88D22DC3132C70B707F C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar79.zip --a---- 549 bytes [17:01 27/07/2013] [17:01 27/07/2013] 3E690C89DB26D9889CA5EF01B31A7C31 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar8.zip --a---- 494 bytes [17:01 27/07/2013] [17:01 27/07/2013] 0113286DB7A17D0D6E86F574C765E2DA C:\Users\All 
Users\Spybot - Search & Destroy\Recovery\DeltaToolbar80.zip --a---- 613 bytes [17:01 27/07/2013] [17:01 27/07/2013] D573B2245D0ECD372212A981247451D6 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar81.zip --a---- 571 bytes [17:01 27/07/2013] [17:01 27/07/2013] 1F897C3F1B417B74A25660F3889913F2 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar82.zip --a---- 646 bytes [17:01 27/07/2013] [17:01 27/07/2013] 3DBD7FF77C89DFF4BF595827004B6E56 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar83.zip --a---- 571 bytes [17:01 27/07/2013] [17:01 27/07/2013] 0A322D688A28D84E003372F2F648B914 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar84.zip --a---- 649 bytes [17:01 27/07/2013] [17:01 27/07/2013] 9AEE58137964CA853460ADC334DA1F04 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar85.zip --a---- 569 bytes [17:01 27/07/2013] [17:01 27/07/2013] FB69BC589E1F43CE1162FE8E0E826BB0 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar86.zip --a---- 645 bytes [17:01 27/07/2013] [17:01 27/07/2013] 78A93D4A137D9972A4AF7716DE9C54F4 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar87.zip --a---- 571 bytes [17:01 27/07/2013] [17:01 27/07/2013] 2817CDAD470A36ADD2FBC0DD8876ECEB C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar88.zip --a---- 646 bytes [17:01 27/07/2013] [17:01 27/07/2013] FA2A20F6CD2BD98A2695C167BC89A98D C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar89.zip --a---- 570 bytes [17:01 27/07/2013] [17:01 27/07/2013] EA972ADBE8A7BF7C965FDA9C791AC6E1 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar9.zip --a---- 650 bytes [17:01 27/07/2013] [17:01 27/07/2013] 945647B16EBE2BA7B35E4A335D9294C2 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar90.zip --a---- 648 bytes [17:01 27/07/2013] [17:01 27/07/2013] 6B3D02E757CDED0595B64A12804BF136 C:\Users\All Users\Spybot - Search & 
Destroy\Recovery\DeltaToolbar91.zip --a---- 570 bytes [17:01 27/07/2013] [17:01 27/07/2013] 51269004284C4B2788E1FFEF06F67D6A C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar92.zip --a---- 646 bytes [17:01 27/07/2013] [17:01 27/07/2013] 57CE6DA9F74129FE2DED9A018B644C68 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar93.zip --a---- 571 bytes [17:01 27/07/2013] [17:01 27/07/2013] F7144686592C29A9BD8C378C68FC1FFA C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar94.zip --a---- 643 bytes [17:01 27/07/2013] [17:01 27/07/2013] F6B842DB62BF1264D59E7AD4F3B2BA33 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar95.zip --a---- 571 bytes [17:01 27/07/2013] [17:01 27/07/2013] 2A147507CB00BBD5468DAB6D33AAE8AE C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar96.zip --a---- 650 bytes [17:01 27/07/2013] [17:01 27/07/2013] E7943CD8D4B0A7F8A4FEC89A46F5DD43 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar97.zip --a---- 573 bytes [17:01 27/07/2013] [17:01 27/07/2013] F4AF175D15DBD5AB44A5B3B99399E2B2 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar98.zip --a---- 645 bytes [17:01 27/07/2013] [17:01 27/07/2013] D856FD95A6F5EBAAC39E2FF43741DA46 C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar99.zip --a---- 573 bytes [17:01 27/07/2013] [17:01 27/07/2013] 2B2BFA626D1FC1234ADD62EE055E46A1 C:\Windows\System32\msdelta.dll --a---- 451584 bytes [23:22 13/07/2009] [01:41 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D C:\Windows\SysWOW64\msdelta.dll --a---- 305152 bytes [23:12 13/07/2009] [01:15 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC C:\Windows\winsxs\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069\msdelta.dll --a---- 451584 bytes [23:22 13/07/2009] [01:41 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D 
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\msdelta.dll --a---- 451584 bytes [02:55 14/07/2009] [02:55 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\msdelta.dll --a---- 451584 bytes [02:55 14/07/2009] [02:55 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\msdelta.dll --a---- 451584 bytes [02:55 14/07/2009] [02:55 14/07/2009] D9A5B279A8D2F8775FA254927F33DA6D C:\Windows\winsxs\FileMaps\$$_media_delta_0f36d7d9b4f7293c.cdf-ms --a---- 2436 bytes [02:59 14/07/2009] [05:32 14/07/2009] 0ED4291DC068EB860AC15A6E5360224C C:\Windows\winsxs\Manifests\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069.manifest --a---- 2888 bytes [02:33 14/07/2009] [02:21 14/07/2009] 6B7D6AD4FA771B7D532B7AD67D396853 C:\Windows\winsxs\Manifests\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_c5d387d64eb8e1f2.manifest --a---- 2461 bytes [02:33 14/07/2009] [02:26 14/07/2009] B84326CF1509A48DF01F10CC45B97A3F C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8.manifest --a---- 27794 bytes [02:17 14/07/2009] [02:18 14/07/2009] 2D159244CBBD3875345AFDD9C34B444B C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33.manifest --a---- 2886 bytes [02:33 14/07/2009] [01:54 14/07/2009] 110D843CC1C2B3A02A46D4AD962C04B6 C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_69b4ec52965b70bc.manifest --a---- 2459 bytes [02:33 14/07/2009] [01:57 14/07/2009] 6A0B78A725C86457BCED783D682C9BB5 
C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33\msdelta.dll --a---- 305152 bytes [23:12 13/07/2009] [01:15 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\msdelta.dll --a---- 305152 bytes [02:43 14/07/2009] [02:43 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\msdelta.dll --a---- 305152 bytes [02:43 14/07/2009] [02:43 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\msdelta.dll --a---- 305152 bytes [02:43 14/07/2009] [02:43 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC

========== regfind ==========

Searching for "bProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"="hxxp://www.google.com"

Searching for "delta"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta]
@="C:\Windows\Media\Delta\Windows Ding.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Critical.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Low.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
@="C:\Windows\Media\Delta\Windows Print complete.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
@="C:\Windows\Media\Delta\Windows Error.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
@="C:\Windows\Media\Delta\Windows Exclamation.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
@="C:\Windows\Media\Delta\Windows Critical Stop.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
@="C:\Windows\Media\Delta\Windows Balloon.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
@="C:\Windows\Media\Delta\Windows User Account Control.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
@="C:\Windows\Media\Delta\Windows Navigation Start.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
@="C:\Windows\Media\Delta\Windows Information Bar.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Names\Delta]
[HKEY_CURRENT_USER\Software\Macromedia\Shockwave 8\uicontrol\sw3dbaddriverlist1]
@="*2k*savage/ix!^5.12.01.7012$79x=stbnvidiatnt16mb!=4.10.01.9131$o2k=diamondstealthiiis530!=5.12.01.8007-8.30.24$72k=m!=5.00.2180.3711$***=atigraphicsproturbopci(atim64-gx)!^9999.0.0.0$ont=nvidiageforce256!=4.00.1381.0327$****virge!^9999.0.0.0$*9x=ibmthinkpad(cyber9397dvd)!=4.10.01.2173$79x=mach64:ragepro!=4.11.2560$*2k=m!^5.12.01.1200$o9x=intel(r)82810graphicscontroller!=4.12.01.2656$o**=m!^5.12.01.1509$o2k=3dfxvoodooseries!=5.00.2195.0197$ont=3dfxvoodooseries!=4.00.1381.0229$o2k=diamondstealthiiis540!=5.12.01.8007-8.30.24$*9x*permedia2!^4.10.01.2359$****mystique!^9999.0.0.0$*9x*g400!^4.12.1.1710$***=2164w!^9999.0.0.0$*9x=mach64:ragepro!^4.10.1720$ont*3dblasterriva!^4.03.00.2100$ont*nvidia!^4.00.1381.0508$79x*nvidia!^4.12.01.0513$o9x*diamondviperv770!^4.11.01.0402$****g100!^9999.0.0.0$59x*nvidiariva128!=4.10.1713$ont*radeon!^4.3.3109$o2k*voodoobanshee!=5.00.2195.2b$o***permedia3!^4.12.01.2107$o***ragefury!^4.3.139$o***rage128g
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\CK\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\CK\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSR.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Document]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Email]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Music]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Music]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Picture]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Picture]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Video]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Video]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Appointment]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Appointment]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Contact]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Contact]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Schedule.Meeting]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Schedule.Meeting]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F6D68FF-81A4-3F8A-AD32-8E8DDDA7FC41}\2.0.0.0]
"Class"="System.Diagnostics.SymbolStore.SymbolLineDelta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F6D68FF-81A4-3F8A-AD32-8E8DDDA7FC41}\4.0.0.0]
"Class"="System.Diagnostics.SymbolStore.SymbolLineDelta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.msg]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.msg]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0354F99D-8BE0-4B79-A5A6-455D573E9786}]
@="IGrooveDeltaProcessingStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0B690558-1451-443E-A22C-8108704CFB61}]
@="IGrooveDeltaProgressListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28995BB1-7BE1-427C-A37C-89C335651F45}]
@="IGrooveExplicitDeltaMethodInvoker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{632CFD20-794A-4B34-9AC5-89972BDF7D93}]
@="DGrooveAggregatedDeltaProcessingStatusListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71F7E96D-CCC3-4206-9964-BF0E87641EAB}]
@="IGrooveDeltaExecutionContext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{78F8CF92-8132-11D1-9350-0080C7DE32C6}]
@="IGrooveDelta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{78F8CFA2-8132-11D1-9350-0080C7DE32C6}]
@="IGrooveAdvancedDelta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7EB88474-D2B6-4F39-BCDA-A9640C2014D8}]
@="IGrooveAggregatedDeltaProcessingStatusListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{80E23CA9-AE74-4E4E-8E93-8E2BC3D0B86B}]
@="IGrooveSupportsDeltas"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A120ECA3-4ED2-4368-ADD8-9D44CDC7ECCE}]
@="IGrooveDeltaMethodInvoker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A621B292-B02C-4400-90FE-457E218F89C6}]
@="IGrooveAdvancedDelta2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B9897767-FFB6-48A1-A869-E27FAE1CE7C6}]
@="IGrooveAdvancedDelta3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CF505815-EDE4-48A6-AEEF-F16344F2E008}]
@="IGrooveDeltaExecutionEndSubscriber"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_9afd56f432219a2e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_0a20a2633b1984ad]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_none_f2cfa9dc6d3f5297]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\Half SD]
"WinSAT_CPU Delta"="-1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\HD Default]
"WinSAT_CPU Delta"="2.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MP4]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-ISO]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-TTS]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD Default]
"WinSAT_CPU Delta"="0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD WMV]
"WinSAT_CPU Delta"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\Half SD]
"WinSAT_CPU Delta"="-1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\HD Default]
"WinSAT_CPU Delta"="2.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MP4]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-ISO]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-TTS]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD Default]
"WinSAT_CPU Delta"="0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD WMV]
"WinSAT_CPU Delta"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes.
7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0354F99D-8BE0-4B79-A5A6-455D573E9786}] @="IGrooveDeltaProcessingStatus" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0B690558-1451-443E-A22C-8108704CFB61}] @="IGrooveDeltaProgressListener" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{28995BB1-7BE1-427C-A37C-89C335651F45}] @="IGrooveExplicitDeltaMethodInvoker" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{632CFD20-794A-4B34-9AC5-89972BDF7D93}] @="DGrooveAggregatedDeltaProcessingStatusListener" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{71F7E96D-CCC3-4206-9964-BF0E87641EAB}] @="IGrooveDeltaExecutionContext" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{78F8CF92-8132-11D1-9350-0080C7DE32C6}] @="IGrooveDelta" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{78F8CFA2-8132-11D1-9350-0080C7DE32C6}] @="IGrooveAdvancedDelta" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7EB88474-D2B6-4F39-BCDA-A9640C2014D8}] @="IGrooveAggregatedDeltaProcessingStatusListener" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{80E23CA9-AE74-4E4E-8E93-8E2BC3D0B86B}] @="IGrooveSupportsDeltas" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{A120ECA3-4ED2-4368-ADD8-9D44CDC7ECCE}] @="IGrooveDeltaMethodInvoker" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{A621B292-B02C-4400-90FE-457E218F89C6}] @="IGrooveAdvancedDelta2" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B9897767-FFB6-48A1-A869-E27FAE1CE7C6}] @="IGrooveAdvancedDelta3" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CF505815-EDE4-48A6-AEEF-F16344F2E008}] @="IGrooveDeltaExecutionEndSubscriber" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0012] "RoamDelta"="3" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0012\Ndi\params\RoamDelta] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0012] "RoamDelta"="3" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0012\Ndi\Params\RoamDelta] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0012] "RoamDelta"="3" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0012\Ndi\params\RoamDelta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\.Default\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\.Default\Delta] @="C:\Windows\Media\Delta\Windows Ding.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta] @="C:\Windows\Media\Delta\Windows Logon Sound.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta] @="C:\Windows\Media\Delta\Windows Battery Critical.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta] @="C:\Windows\Media\Delta\Windows Hardware Insert.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta] @="C:\Windows\Media\Delta\Windows Hardware Remove.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta] @="C:\Windows\Media\Delta\Windows Hardware Fail.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta] 
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta] @="C:\Windows\Media\Delta\Windows Notify.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta] @="C:\Windows\Media\Delta\Windows Battery Low.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\MailBeep\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\MailBeep\Delta] @="C:\Windows\Media\Delta\Windows Notify.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta] @="C:\Windows\Media\Delta\Windows Print complete.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta] @="C:\Windows\Media\Delta\Windows Error.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta] @="C:\Windows\Media\Delta\Windows Exclamation.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExit\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemHand\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemHand\Delta] @="C:\Windows\Media\Delta\Windows Critical Stop.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta] @="C:\Windows\Media\Delta\Windows Balloon.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta] @="C:\Windows\Media\Delta\Windows Logoff Sound.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta] @="C:\Windows\Media\Delta\Windows Logon Sound.wav" 
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta] @="C:\Windows\Media\Delta\Windows User Account Control.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta] @="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxError\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta] @="C:\Windows\Media\Delta\Windows Feed Discovered.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\Navigating\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\Navigating\Delta] @="C:\Windows\Media\Delta\Windows Navigation Start.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta] @="C:\Windows\Media\Delta\Windows Information Bar.wav" [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta] [HKEY_USERS\S-1-5-19\AppEvents\Schemes\Names\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\.Default\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\.Default\Delta] @="C:\Windows\Media\Delta\Windows Ding.wav" 
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta] @="C:\Windows\Media\Delta\Windows Logon Sound.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta] @="C:\Windows\Media\Delta\Windows Battery Critical.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta] @="C:\Windows\Media\Delta\Windows Hardware Insert.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta] @="C:\Windows\Media\Delta\Windows Hardware Remove.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta] @="C:\Windows\Media\Delta\Windows Hardware Fail.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta] @="C:\Windows\Media\Delta\Windows Notify.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta] @="C:\Windows\Media\Delta\Windows Battery Low.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\MailBeep\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\MailBeep\Delta] @="C:\Windows\Media\Delta\Windows Notify.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta] @="C:\Windows\Media\Delta\Windows Print complete.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta] @="C:\Windows\Media\Delta\Windows Error.wav" 
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta] @="C:\Windows\Media\Delta\Windows Exclamation.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemExit\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemHand\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemHand\Delta] @="C:\Windows\Media\Delta\Windows Critical Stop.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta] @="C:\Windows\Media\Delta\Windows Balloon.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta] @="C:\Windows\Media\Delta\Windows Logoff Sound.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta] @="C:\Windows\Media\Delta\Windows Logon Sound.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta] @="C:\Windows\Media\Delta\Windows User Account Control.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta] @="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FaxError\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta] @="C:\Windows\Media\Delta\Windows Feed Discovered.wav" 
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\Navigating\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\Navigating\Delta] @="C:\Windows\Media\Delta\Windows Navigation Start.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta] @="C:\Windows\Media\Delta\Windows Information Bar.wav" [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta] [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Names\Delta] [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\Namespace] "LocalDelta"="C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\Namespace] "RemoteDelta"="C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSR.XML" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\.Default\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\.Default\Delta] @="C:\Windows\Media\Delta\Windows Ding.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta] @="C:\Windows\Media\Delta\Windows Logon Sound.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta] 
[HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta] @="C:\Windows\Media\Delta\Windows Battery Critical.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta] @="C:\Windows\Media\Delta\Windows Hardware Insert.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta] @="C:\Windows\Media\Delta\Windows Hardware Remove.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta] @="C:\Windows\Media\Delta\Windows Hardware Fail.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta] @="C:\Windows\Media\Delta\Windows Notify.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta] @="C:\Windows\Media\Delta\Windows Battery Low.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\MailBeep\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\MailBeep\Delta] @="C:\Windows\Media\Delta\Windows Notify.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta] 
[HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta] @="C:\Windows\Media\Delta\Windows Print complete.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta] @="C:\Windows\Media\Delta\Windows Error.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta] @="C:\Windows\Media\Delta\Windows Exclamation.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\SystemExit\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\SystemHand\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\SystemHand\Delta] @="C:\Windows\Media\Delta\Windows Critical Stop.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta] @="C:\Windows\Media\Delta\Windows Balloon.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta] @="C:\Windows\Media\Delta\Windows Logoff Sound.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta] @="C:\Windows\Media\Delta\Windows Logon Sound.wav" 
[HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta] @="C:\Windows\Media\Delta\Windows User Account Control.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta] @="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\FaxError\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta] @="C:\Windows\Media\Delta\Windows Feed Discovered.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\Navigating\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\Navigating\Delta] @="C:\Windows\Media\Delta\Windows Navigation Start.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta] @="C:\Windows\Media\Delta\Windows Information Bar.wav" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta] 
[HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\AppEvents\Schemes\Names\Delta] [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\Software\Macromedia\Shockwave 8\uicontrol\sw3dbaddriverlist1] @="*2k*savage/ix!^5.12.01.7012$79x=stbnvidiatnt16mb!=4.10.01.9131$o2k=diamondstealthiiis530!=5.12.01.8007-8.30.24$72k=m!=5.00.2180.3711$***=atigraphicsproturbopci(atim64-gx)!^9999.0.0.0$ont=nvidiageforce256!=4.00.1381.0327$****virge!^9999.0.0.0$*9x=ibmthinkpad(cyber9397dvd)!=4.10.01.2173$79x=mach64:ragepro!=4.11.2560$*2k=m!^5.12.01.1200$o9x=intel(r)82810graphicscontroller!=4.12.01.2656$o**=m!^5.12.01.1509$o2k=3dfxvoodooseries!=5.00.2195.0197$ont=3dfxvoodooseries!=4.00.1381.0229$o2k=diamondstealthiiis540!=5.12.01.8007-8.30.24$*9x*permedia2!^4.10.01.2359$****mystique!^9999.0.0.0$*9x*g400!^4.12.1.1710$***=2164w!^9999.0.0.0$*9x=mach64:ragepro!^4.10.1720$ont*3dblasterriva!^4.03.00.2100$ont*nvidia!^4.00.1381.0508$79x*nvidia!^4.12.01.0513$o9x*diamondviperv770!^4.11.01.0402$****g100!^9999.0.0.0$59x*nvidiariva128!=4.10.1713$ont*radeon!^4.3.3109$o2k*voodoobanshee!=5.00.2195.2b$o***permedia3!^4.12.01 [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\Software\Microsoft\Windows Media\WMSDK\Namespace] "LocalDelta"="C:\Users\CK\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML" [HKEY_USERS\S-1-5-21-1175982145-2459420584-2656628947-1000\Software\Microsoft\Windows Media\WMSDK\Namespace] 
"RemoteDelta"="C:\Users\CK\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSR.XML" -= EOF =- |
31.07.2013, 09:59 | #24 |
/// the machine /// TB trainer | How do I remove the Win32.Downloader.gen trojan Download OTL if you don't have it yet: Fix with OTL
Code:
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"=-
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta]
:Commands
[reboot]

Scan again with Spybot
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
31.07.2013, 18:40 | #25 |
| How do I remove the Win32.Downloader.gen trojan Hello Schrauber, I'm happy to announce: the toolbar seems to be gone. I did everything exactly as you said and Spybot no longer found it. However, I have now noticed the following (so that we don't get bored...): On C: I can no longer access the folders "Dokumente und Einstellungen", "Documents and settings" and "Programme". When I try to open the folders, a window says: "Auf ... kann nicht zugegriffen werden. Zugriff verweigert" ("... cannot be accessed. Access denied") Has something been changed in the administrator rights? I expressly thank you for removing the trojan and the toolbar! Oh, and the log from OTL: Code:
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs deleted successfully.
Registry key HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta\ deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 07312013_192308 |
31.07.2013, 19:59 | #26 |
/// the machine /// TB trainer | How do I remove the Win32.Downloader.gen trojan Can you take over the permissions? Right-click > Properties > Security? If not: please download Windows Repair (All In One) from here.
__________________ Regards, schrauber |
31.07.2013, 21:42 | #27 |
| How do I remove the Win32.Downloader.gen trojan Hello Schrauber, I have carried everything out so far. I had a slightly different version of Windows Repair (V. 1.9.14), but I carried out all the steps you listed. Under "Start Repairs" there were a few more checkboxes than in your screenshot, but I only ticked the ones that were also ticked in the screenshot. The problems with access to individual folders have not been solved, but rather changed. Overall, a few things here are now a bit odd. The small "Windows information" icon (the little flag) at the bottom of the taskbar, for example, tells me that I should activate Windows Defender. Yet the Windows Firewall is activated (according to the Control Panel). Likewise, I am told to search online for an antivirus program, although Antivir is still on the computer. All folders that I could not access are now shown slightly transparent. I can now get into "Dokumente und Einstellungen", but still not into "Documents and settings". I can get into the "Programme" folder (there are now two instead of one before), but inside the "Programme" folder there is the folder "Gemeinsame Dateien", which I also cannot access. My hard disk is partitioned (into C: for programs and E: for my personal files), and now there is a folder named "System Volume Information" on E:, which also looks slightly transparent and which I also cannot access. There are many more odd things, but I don't want to list every folder by name now... All the logs from Windows Repair are too large to insert into the post here (at least that is what was just displayed to me). I'll try to attach them. Overall I am somewhat worried. Do you think we can fix this??? If need be I'll take my computer to a shop, because remote diagnosis like this is surely rather tedious for you, isn't it? |
01.08.2013, 09:20 | #28 |
/// the machine /// TB trainer | How do I remove the Win32.Downloader.gen trojan Yeah, remote diagnosis is always lousy. The transparency means the folders are normally hidden; your settings just currently show all hidden folders. That's fine so far. I would try a repair installation; if that doesn't help, back up your data and format. Something is seriously bent out of shape there.
__________________ Regards, schrauber |
02.08.2013, 10:26 | #29 |
| How do I remove the Win32.Downloader.gen trojan Hello Schrauber, I backed up the data and then formatted the computer. The factory settings have now been restored. Question: Instead of Avira Antivir I am now going with Avast Free Antivirus, because after browsing around the forum a bit, most of you seemed to me to be of the opinion that Avast is better. In your opinion, should I install Spybot again or can I do without it? Many thanks for your support and your help! Thanks to you I now also know what a log is... Best regards, Troink |
02.08.2013, 12:01 | #30 |
/// the machine /// TB trainer | How do I remove the Win32.Downloader.gen trojan Leave Spybot off. And you're welcome
__________________ Regards, schrauber |