Click to Continue > by Browse to Save and http://searchiu.com/?affil=141 start page - Malware

Hello,
my laptop seems to be infected with the Browse to Save virus.
In addition, Firefox has "hxxp://searchiu.com/?affil=141" as its start page, which also seems to be malware.
The start page cannot be changed. Whether I reset the start page in the Firefox options or enter other web addresses, the start page still remains searchiu.com.
The symptoms of the Browse to Save virus are similar to those in this thread.
On all kinds of websites some words are blue and underlined and lead to random advertising pages, or a banner is shown on mouseover. In addition, "save to browse" banners simply pop up.
I ran defogger, OTL and Gmer. The log files follow:
OTL.txt:
OTL logfile created on: 09.04.2013 09:39:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,61 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 35,03% Memory free
3,21 Gb Paging File | 1,86 Gb Available in Paging File | 57,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,09 Gb Total Space | 29,98 Gb Free Space | 20,52% Space Free | Partition Type: NTFS
Drive D: | 152,00 Gb Total Space | 55,97 Gb Free Space | 36,82% Space Free | Partition Type: NTFS
Computer Name: ***-ASUS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.09 09:37:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.23 03:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.02.23 03:33:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013.02.23 03:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.02.08 11:46:24 | 001,320,768 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.08.16 03:47:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 13:58:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:58:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.21 16:40:56 | 000,578,264 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.07.09 23:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
========== Modules (No Company Name) ==========
MOD - [2012.01.10 13:38:49 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.11.09 23:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.04.04 13:40:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.03 18:17:32 | 000,474,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013.03.14 13:51:48 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.23 03:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.02.23 03:33:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.02.23 03:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.02.22 03:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.05.08 13:58:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:58:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.21 16:40:56 | 000,578,264 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.02.22 03:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.02.22 03:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.08.01 20:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.06.23 13:41:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.27 15:52:29 | 000,118,400 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ezplay.sys -- (ezplay)
DRV:64bit: - [2012.05.08 13:58:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 13:58:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.26 02:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011.06.26 02:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2011.03.07 12:22:46 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.04 17:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.04 12:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.11.04 12:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://u-search.net/?a=1&e=1
IE - HKLM\..\SearchScopes,DefaultScope = {819218B0-1380-4BA2-89C3-E1BCF2DF5D69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{819218B0-1380-4BA2-89C3-E1BCF2DF5D69}: "URL" = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 1F 46 DD EF C0 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {819218B0-1380-4BA2-89C3-E1BCF2DF5D69}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{605D08E1-0E4D-4DEC-B3BD-D982C37638F1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{819218B0-1380-4BA2-89C3-E1BCF2DF5D69}: "URL" = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=204.124.180.101:3128;http=204.124.180.101:3128;https=204.124.180.101:3128;socks=204.124.180.101:3128
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "u-Search"
FF - prefs.js..browser.search.defaultenginename: "u-Search"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://u-search.net/?a=1&e=2&q="
FF - prefs.js..browser.search.order.1: "u-Search"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.054
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: addon%40foxtab.com:1.4.51
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: adonis.cuhk%40gmail.com:1.8.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..keyword.URL: "hxxp://u-search.net/?a=1&e=2&q="
FF - prefs.js..browser.startup.homepage: "hxxp://u-search.net/?a=1&e=1"
FF - user.js..browser.search.defaultengine: "u-Search"
FF - user.js..browser.search.defaultenginename: "u-Search"
FF - user.js..browser.search.order.1: "u-Search"
FF - user.js..browser.startup.homepage: "hxxp://u-search.net/?a=1&e=1"
FF - user.js..browser.search.defaulturl: "hxxp://u-search.net/?a=1&e=2&q="
FF - user.js..keyword.URL: "hxxp://u-search.net/?a=1&e=2&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 13:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.14 22:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 13:40:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.14 22:01:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2011.12.31 13:50:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.08 18:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions
[2013.02.23 17:43:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.03 23:24:32 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\addon@foxtab.com
[2013.02.17 19:32:24 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\foxyproxy@eric.h.jung
[2013.04.06 10:21:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\ich@maltegoetz.de
[2013.04.04 18:10:20 | 000,000,000 | ---D | M] (BRowsE2soave) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\oyoe1-iea@vqtgk-aie.com
[2013.04.08 18:13:21 | 000,005,781 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\adonis.cuhk@gmail.com.xpi
[2013.02.23 17:43:06 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.01.28 19:32:37 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\unplug@compunach.xpi
[2013.03.14 16:35:17 | 000,552,809 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\uriloader@pdf.js.xpi
[2012.09.17 15:57:22 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.02.14 22:26:47 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.10 11:05:17 | 000,001,210 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\searchplugins\search.xml
[2012.09.29 11:03:39 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\searchplugins\sweetim.xml
[2012.09.12 22:40:57 | 000,002,017 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\searchplugins\u-search.xml
[2013.04.04 13:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.04 13:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.04 13:38:59 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2013.04.04 13:40:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 16:08:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - Extension: BRowsE2soave = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\omijpafilmeabcfknpnecgdnmpooanie\1\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (BRowsE2soave) - {2AF83333-6EB3-0F49-434E-A97D72D7C58D} - C:\ProgramData\BRowsE2soave\515da54828573.dll ()
O2 - BHO: (FoxTab) - {4DF4AC8C-FFA8-40FF-91F0-EB8389314B78} - C:\Users\***\AppData\LocalLow\FoxTab\IE\FoxTab.dll (The FoxTab Team)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [phonostar-Player] C:\Program Files (x86)\phonostar-Player\phonostarStarter.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[a9ef6dee1c772f6dbd50c99b4a0bd4dd968b7ec3]] D:\hdr\The_Lord_of_the_Rings__The_Fellowship_of_the_Ring_10.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.27.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33E17A7B-286B-45FF-8D95-B8E47C0E083F}: DhcpNameServer = 192.168.27.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3A2165-EDC6-4E1A-AE4A-FC43A9BD1989}: DhcpNameServer = 192.168.10.33
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\progra~2\browse~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{561c0e3b-a1ab-11e1-8b04-5404a671f5a2}\Shell - "" = AutoRun
O33 - MountPoints2\{561c0e3b-a1ab-11e1-8b04-5404a671f5a2}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{74b76b2b-33c6-11e1-b9a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74b76b2b-33c6-11e1-b9a2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe
O33 - MountPoints2\{a5b73620-9787-11e1-88a0-7ede2bd680d8}\Shell - "" = AutoRun
O33 - MountPoints2\{a5b73620-9787-11e1-88a0-7ede2bd680d8}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.09 09:37:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.07 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ConvertXToDVD
[2013.04.04 18:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.04.04 18:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013.04.04 18:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013.04.04 18:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BRowsE2soave
[2013.04.04 18:08:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2013.04.04 18:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BRowsE2soave
[2013.04.04 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.04.04 17:08:55 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.04.04 13:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.03 23:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemium TubeBox
[2013.04.03 23:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemium
[2013.04.03 23:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SelfUpdater
[2013.04.03 22:36:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.03 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\IsolatedStorage
[2013.04.03 22:32:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Freemium
[2013.04.03 22:32:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Freemium TubeBox
[2013.04.03 22:32:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Freemium TubeBox 3.6.1 Portable
[2013.04.03 20:43:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ashampoo
[2013.04.03 20:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013.04.03 18:17:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Freetec
[2013.04.03 18:16:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TubeBox
[2013.04.03 18:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013.04.03 18:10:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DownloadGuide
[2013.03.14 22:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.14 15:35:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Video deluxe 2013
[2013.03.14 15:35:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MAGIX
[2013.03.14 15:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.03.14 15:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2013.03.14 15:08:18 | 000,000,000 | ---D | C] -- C:\Programme (x86)
[2013.03.14 15:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.03.14 15:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2013.03.14 15:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.10 17:24:11 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2013.03.10 17:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2
[2013.03.10 17:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Postal2
[2012.05.27 15:52:29 | 000,118,400 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\ezplay.sys
========== Files - Modified Within 30 Days ==========
[2013.04.09 09:42:26 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 09:42:26 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 09:40:09 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.09 09:40:09 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.09 09:40:09 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.09 09:40:09 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.09 09:40:09 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 09:37:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.09 09:33:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 09:33:35 | 1292,673,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 09:32:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.09 09:31:16 | 000,000,188 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.09 09:26:21 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.08 22:38:29 | 000,017,308 | ---- | M] () -- C:\Users\***\Documents\Schriftliche Äußerung zum Sachverhalt.odt
[2013.04.08 07:36:08 | 000,001,189 | ---- | M] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml
[2013.04.05 22:26:06 | 000,000,443 | ---- | M] () -- C:\Windows\cedt.INI
[2013.04.04 18:11:36 | 000,000,562 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013.04.03 23:45:56 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Freemium TubeBox.lnk
[2013.04.03 23:36:16 | 000,001,049 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.03 23:35:49 | 000,001,015 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2013.03.18 16:31:02 | 000,942,027 | ---- | M] () -- C:\Users\***\Documents\Von Schengen nach Maastricht.odt
[2013.03.18 08:07:31 | 000,294,099 | ---- | M] () -- C:\Users\***\Desktop\Von Schengen nach Maastricht.pdf
[2013.03.15 21:16:25 | 268,259,728 | ---- | M] () -- C:\Users\***\Desktop\video.mp4
[2013.03.15 17:55:18 | 000,002,112 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2013.03.15 17:49:11 | 000,210,913 | ---- | M] () -- C:\Users\***\Documents\Lissabonner Vertrag.jpg
[2013.03.15 17:43:14 | 000,295,624 | ---- | M] () -- C:\Users\***\Documents\Lissabonner Vertrag.pdf
[2013.03.15 17:19:38 | 000,062,320 | ---- | M] () -- C:\Users\***\Documents\Von Schengen nach Maastricht.pdf
[2013.03.14 17:59:32 | 000,419,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.14 15:12:04 | 000,120,200 | ---- | M] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.03.14 15:10:48 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013.lnk
[2013.03.11 21:47:03 | 000,000,103 | -H-- | M] () -- C:\Users\***\Desktop\.~lock.deutschlisa.odt#
[2013.03.11 18:19:52 | 006,388,093 | ---- | M] () -- C:\Users\***\Documents\Cannabis.odp
========== Files Created - No Company Name ==========
[2013.04.09 09:31:16 | 000,000,188 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.09 09:26:08 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.08 19:11:18 | 000,017,308 | ---- | C] () -- C:\Users\***\Documents\Schriftliche Äußerung zum Sachverhalt.odt
[2013.04.04 18:11:36 | 000,000,562 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013.04.03 23:45:56 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Freemium TubeBox.lnk
[2013.03.18 08:07:27 | 000,294,099 | ---- | C] () -- C:\Users\***\Desktop\Von Schengen nach Maastricht.pdf
[2013.03.15 19:49:55 | 268,259,728 | ---- | C] () -- C:\Users\***\Desktop\video.mp4
[2013.03.15 17:55:18 | 000,002,112 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2013.03.15 17:43:09 | 000,295,624 | ---- | C] () -- C:\Users\***\Documents\Lissabonner Vertrag.pdf
[2013.03.15 17:38:10 | 000,210,913 | ---- | C] () -- C:\Users\***\Documents\Lissabonner Vertrag.jpg
[2013.03.15 17:10:22 | 000,062,320 | ---- | C] () -- C:\Users\***\Documents\Von Schengen nach Maastricht.pdf
[2013.03.14 17:40:20 | 000,942,027 | ---- | C] () -- C:\Users\***\Documents\Von Schengen nach Maastricht.odt
[2013.03.14 15:10:48 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013.lnk
[2013.03.11 21:47:03 | 000,000,103 | -H-- | C] () -- C:\Users\***\Desktop\.~lock.deutschlisa.odt#
[2013.03.11 18:19:41 | 006,388,093 | ---- | C] () -- C:\Users\***\Documents\Cannabis.odp
[2012.12.01 15:34:13 | 000,000,244 | ---- | C] () -- C:\Users\***\.swfinfo
[2012.11.08 18:27:35 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2012.09.29 09:49:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.09.23 18:20:56 | 000,001,189 | ---- | C] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml
[2012.09.11 18:56:48 | 000,000,024 | ---- | C] () -- C:\Windows\Medi8or.ini
[2012.09.11 18:56:36 | 000,001,304 | ---- | C] () -- C:\Windows\mediator.dat
[2012.08.10 19:15:22 | 000,000,142 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.06.16 17:31:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.05.27 15:52:29 | 000,099,384 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2012.05.27 15:52:29 | 000,007,833 | ---- | C] () -- C:\Users\***\AppData\Roaming\ezplay.cat
[2012.05.27 15:52:29 | 000,001,126 | ---- | C] () -- C:\Users\***\AppData\Roaming\ezplay.inf
[2012.05.27 15:52:29 | 000,000,125 | ---- | C] () -- C:\Users\***\AppData\Roaming\ezplay.ini
[2012.05.20 12:13:14 | 000,000,521 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.09 19:43:38 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.26 12:27:34 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.05 18:51:36 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.04 19:29:02 | 000,000,443 | ---- | C] () -- C:\Windows\cedt.INI
[2012.01.04 03:06:23 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.02 20:28:49 | 000,006,160 | ---- | C] () -- C:\Users\***\AppData\Roaming\gd.db
[2012.01.02 20:28:49 | 000,000,242 | ---- | C] () -- C:\Users\***\AppData\Roaming\groovedown.settings
[2011.12.31 20:40:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.10 04:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.02.26 18:34:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2013.04.03 20:43:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2013.02.22 23:34:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2013.03.06 12:57:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.02.26 12:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.05.20 11:10:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.11.09 17:34:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.12.16 15:57:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dev-Cpp
[2012.09.22 10:33:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Digiarty
[2013.04.09 09:35:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.12.04 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.11.08 13:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EurekaLog
[2013.04.07 01:54:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2013.04.03 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Freemium
[2012.12.17 15:10:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeMoviesToDVD
[2012.09.12 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Groovedown
[2012.09.12 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Groovedown_Uninstall
[2013.03.15 17:55:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.06.16 15:20:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2012.01.02 20:28:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lang
[2013.03.14 15:35:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.10 13:45:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.02.27 12:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.10.21 00:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH
[2012.11.08 13:17:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Replay Media Catcher 4
[2012.01.10 14:48:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2013.04.08 06:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
========== Purity Check ==========
< End of report >
Extras.txt: Code:
OTL Extras logfile created on: 09.04.2013 09:39:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,61 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 35,03% Memory free
3,21 Gb Paging File | 1,86 Gb Available in Paging File | 57,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,09 Gb Total Space | 29,98 Gb Free Space | 20,52% Space Free | Partition Type: NTFS
Drive D: | 152,00 Gb Total Space | 55,97 Gb Free Space | 36,82% Space Free | Partition Type: NTFS
Computer Name: ***-ASUS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F4DA35-93B4-4EE5-8F07-D20F5C2DEB99}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{0A47694A-0592-4932-911C-255363211CB2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0FD74214-A025-4B9F-ABAD-A18BA73A5F60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11FED726-D47A-408E-83F9-9F9EEE66BB1A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1688719C-99CB-4FF3-A511-43EC4F897E9B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1722B74A-8693-4349-BCEF-D9F46D241517}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1B024AB0-8D11-403A-9B76-BE6E8383F664}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1F08706C-202D-48E2-AE47-66883BC40C19}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{20C473B9-8D48-4755-BCDF-9F464BF818EC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{25E98F3E-2D47-4A09-B433-785EA9CB1245}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{32DB14E4-57A6-4A3F-9FCD-553412C2F6C9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3CF1C591-94F8-4753-BE82-562A3DC3531F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3F15C3AB-7FB7-4E9D-8B80-02B83CF700B3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{45B62E7F-3B44-4E74-97B7-9A077CA9A551}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{47E9A09F-E551-420A-B720-48C75FE3207B}" = lport=139 | protocol=6 | dir=in | app=system |
"{4BD0DF3F-4FD1-4BAF-983B-765AE38CB9C9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4FC5659C-2981-4E58-9E07-1328545FDF1C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{53EA49B9-ADDE-4FBE-91B1-7717C4F8C68F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5824FFCC-2E10-49E7-88C9-B37C4A8D257E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5F04A618-6860-41D0-A624-AD15CCE157E7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5F69A8C1-12FA-473D-9817-6384CC8A9A04}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{630F2579-90AF-4F3A-BD1F-5C14F2B1963D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6406C847-A818-4B58-9CE8-B2A1F75625BF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{659B30FC-E534-4A9B-9CCD-B18D70812F30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{663A69DD-C317-4444-8B3A-075B34ECF978}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{695368AE-A8B8-4B21-9BCC-A6BC72C0B5F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A17699C-A3BA-408F-A3DC-E0D515580B74}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6AF543AE-C654-4C3D-82FC-D5C7BA554BA2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6F7C270D-240C-4683-BD8A-B334B2AD9FB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70B6056B-C13B-41EA-B463-8FCCFE4A0EC0}" = rport=139 | protocol=6 | dir=out | app=system |
"{717A8EFE-2B73-4A0E-A445-ACA74744E151}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72A4BE9B-885D-4BAD-866D-98DD76022B62}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{747EAB9C-277E-4D16-A052-F668BDF4F1F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7567E01B-B044-478E-A8E1-ACF2B603FFCE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E040544-0863-4695-B6AE-A0C01AD6BECB}" = rport=445 | protocol=6 | dir=out | app=system |
"{84046E89-3AF9-4EEB-9ABC-AC385CDE22E3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8BED41D8-FAF1-4E44-B47A-1E9711E0C98D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8E65E84D-DB13-4048-9EE9-21A4A79023AC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8F399E1C-BC66-4C2E-9C70-6A3F6AB79143}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9176A182-D8B6-463C-9994-122F67D40129}" = lport=137 | protocol=17 | dir=in | app=system |
"{9282D338-5025-4EEE-B9E9-599B126AFBBA}" = lport=138 | protocol=17 | dir=in | app=system |
"{95A19215-8BE6-48DF-BF6C-DD981EECB698}" = lport=10243 | protocol=6 | dir=in | app=system |
"{976E8094-E8B2-4D09-806A-94D0AF7F8308}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9862BFB2-4BFC-4C73-B486-299B5FDB1EAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EE0117B-49A5-4EC3-9367-A719546554E7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9FEDB2DE-CEC3-4739-B78F-804E785BC95A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A88DDCA7-994C-4D3E-9E84-95C26C16768A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AB8227F2-D357-4998-990E-020EBE588DD0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B15AF2B6-CCCB-469D-866F-AE0F4065CC83}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B85C3CED-0E52-405A-898F-AB383BE64BA6}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC11FE91-05F5-46C8-8BCE-2BB606300C1E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BF289483-FE33-44DE-AF64-B41D332BF642}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C03D564D-5655-4246-849B-AE264612BF33}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C3B0E199-9A77-49DF-A977-199E32CBEC36}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C7BE285D-EC93-40EF-BA46-3E25437BC4FC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C8CCCA07-FF31-4DF3-88D9-1398D5CC9B7E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C92731F0-9C9F-4963-A9B6-F4EC28D77DFA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D00658A9-3161-4C0B-811D-A5F18B6ADC12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D090B816-406E-49DA-BB6E-F02E03FA977D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D12D777D-860E-43A5-9F0C-F5D8C6ACCF70}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D96C33CA-F15E-491F-8BB9-908CF94EB3F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E3F9A1D2-D32E-4979-9414-24475F96F367}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0B85121-FA8B-41F7-846A-A3F2566700AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9167BDD-7911-4C1C-A986-DE5B50106330}" = lport=445 | protocol=6 | dir=in | app=system |
"{FC706D1E-1E7D-49AE-AA3A-840FFBD9BEB8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FFEAE8B8-2D2B-417C-A6AA-485C35B8595C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B07402-3410-4D7D-A999-865B2993E281}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{094B2455-3DE8-4F07-AA87-27DD4BBA1A02}" = protocol=6 | dir=out | app=system |
"{0AD7C013-1EAC-4AAF-8663-CCD136A4FEC9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0D735C61-7250-4362-A8AF-147582A4B753}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1215004F-CC9A-4E53-9562-03A3C5D0A553}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1374A1F6-169E-489D-BCDA-C963201F1CF1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1DDA3641-D0FD-4A7F-8B9D-0ED2365060D9}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{37AB9D0F-80BB-4805-9D5C-DFFB13203B73}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{3D439E63-AA62-4C4C-9FC8-02E471893D0C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{468F0BEB-51B0-4720-B90F-622961FB4BA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{472AA3CD-CF99-4DC5-986C-29B1B8526643}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47B0C4BA-1B51-4B12-83A3-D6EA25F0637D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D6AAC7D-8147-4361-9672-5E87F199473F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5516041B-AF1C-49F5-8361-8124D15C34F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58D48ABF-CCF9-4A94-99D1-3A71FFD52748}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6824FD90-6BEC-45E7-BEEC-417AA2D7C61F}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{74123421-95B8-420E-89A1-690F25206416}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{835082E7-0B9D-4A3F-A7F1-D3B8A6985F47}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{846B87C0-26F6-426B-8E9D-4EB65207E430}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AD58ADB-05ED-47C9-A9DC-D3604C02A7F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9188CFC6-4932-4861-A84A-24FC74645902}" = protocol=6 | dir=in | app=c:\program files (x86)\downloadtoolz\hulu video downloader\hulu_d.exe |
"{943F4C43-ADEB-4867-AD19-DD49096C48F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97832A68-5D5C-4FB7-9679-8308FBBED566}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9CA0E70C-799F-417F-874C-B319C01941F3}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{BF7EDEC7-4505-43CF-9F21-14D008DA5DF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1EBAFF8-4BFA-4524-8F27-921E48F61290}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5A6FEAC-9CAC-4DAC-8B49-92368E2A22E4}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{C60BB474-949D-4B45-B1B8-17702633D0A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFB17DF1-0324-48BB-9EB2-CC7E55E575F1}" = protocol=17 | dir=in | app=c:\program files (x86)\downloadtoolz\hulu video downloader\hulu_d.exe |
"{E1B49AAB-8A11-4038-A8F2-A9845B749FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{E40F666A-A581-4949-A809-29A6D1215D65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E6C527CA-B5C8-40F2-A7D5-9989C5108774}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF796DBF-15D6-461E-AC53-910448AAB9C9}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{F76B73DA-2D48-4770-9D81-6EFA5FFA5699}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB4D7BE2-F2FA-42FD-AF79-57A7B49A2DF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{002FA12C-A174-4E71-AF8D-C787E2CAFF94}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{0BAF23D1-913B-4863-90E7-9A0484C2594F}D:\otrkeys\half life 2 by happy.part05\half life 2\hl2.exe" = protocol=6 | dir=in | app=d:\otrkeys\half life 2 by happy.part05\half life 2\hl2.exe |
"TCP Query User{0D6537EA-5109-45E1-B8FA-3EB3F194D470}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{0F38FEAC-7C7D-4433-85AE-811E7B74FBE0}C:\users\***\desktop\spiele\cod4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\cod4\iw3mp.exe |
"TCP Query User{2138F118-8F5F-4F43-9529-6F44370C118E}D:\hdr\the_lord_of_the_rings__the_fellowship_of_the_ring_10.exe" = protocol=6 | dir=in | app=d:\hdr\the_lord_of_the_rings__the_fellowship_of_the_ring_10.exe |
"TCP Query User{3A1B21C2-ED21-4ACA-B159-238704F97E39}C:\users\***\desktop\rtmpexplorer\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsrv.exe |
"TCP Query User{3A985E8A-F3D3-490A-956F-D9E89D9BE6E8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{44033CA5-60FF-4A11-8961-09B72232FA37}C:\users\***\desktop\rtmpdump-2.4-git-010913-windows\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpdump-2.4-git-010913-windows\rtmpsrv.exe |
"TCP Query User{5A8613BE-4CE3-4F21-9EB9-81A71078224D}C:\users\***\desktop\rtmpexplorer2\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer2\rtmpsrv.exe |
"TCP Query User{6EACA207-5D66-4ED0-BDB1-5A1E45BF8F03}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{87334105-F209-4F88-8FF2-F4E18590143A}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe |
"TCP Query User{9071C708-53E0-4AE2-B2E4-6763878B30A8}D:\otrkeys\half life 2\hl2.exe" = protocol=6 | dir=in | app=d:\otrkeys\half life 2\hl2.exe |
"TCP Query User{940DA95D-69C2-422A-850A-4BB10555CB8B}C:\users\***\desktop\rtmpexplorer\rtmpsuck.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsuck.exe |
"TCP Query User{A299B8A4-16A1-4099-A1E8-B70BD6B78E9A}C:\users\***\desktop\spiele\counter-strike\hltv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\counter-strike\hltv.exe |
"TCP Query User{ACFEABBC-657C-4F0E-9A1C-2D66B6FB27A8}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{ADD25604-0D07-4741-A5F0-159F7365A89E}C:\users\***\desktop\spiele\age of empires ii the conquerors\empires2.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\age of empires ii the conquerors\empires2.exe |
"TCP Query User{B66A31D0-49D0-4FCB-97A9-7EEC19CC4A63}C:\users\***\desktop\spiele\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\counter-strike\hl.exe |
"TCP Query User{D065624A-5F8F-42A5-A1A7-06FF84B0E8F0}C:\users\***\desktop\rtmpexplorer\rtmpsrv-vlc.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsrv-vlc.exe |
"TCP Query User{E8D3AEC4-F0B4-452F-947D-B290F25C1056}C:\users\***\desktop\rtmpexplorer\rtmpgw.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpgw.exe |
"UDP Query User{18A72E5E-1A91-4E5D-A2D6-98AFFADA246B}C:\users\***\desktop\rtmpexplorer\rtmpgw.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpgw.exe |
"UDP Query User{198B79A8-35FF-4A13-BF70-3C57AD5B3A3D}C:\users\***\desktop\spiele\cod4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\cod4\iw3mp.exe |
"UDP Query User{22C1DB5F-3D74-4302-BF4D-D2544EA4DD89}C:\users\***\desktop\rtmpdump-2.4-git-010913-windows\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpdump-2.4-git-010913-windows\rtmpsrv.exe |
"UDP Query User{247FEE0A-9BC3-4FE6-9B25-615E1617C7E6}C:\users\***\desktop\rtmpexplorer2\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer2\rtmpsrv.exe |
"UDP Query User{26149AF1-F5FE-4DC0-B51F-56F67E9DA608}C:\users\***\desktop\rtmpexplorer\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsrv.exe |
"UDP Query User{27959DD7-DEB9-451B-9356-A4292E02834C}D:\hdr\the_lord_of_the_rings__the_fellowship_of_the_ring_10.exe" = protocol=17 | dir=in | app=d:\hdr\the_lord_of_the_rings__the_fellowship_of_the_ring_10.exe |
"UDP Query User{2A009D67-048A-41C3-8E79-BC16FDA2A090}D:\otrkeys\half life 2 by happy.part05\half life 2\hl2.exe" = protocol=17 | dir=in | app=d:\otrkeys\half life 2 by happy.part05\half life 2\hl2.exe |
"UDP Query User{2BD7400C-664C-4B51-A6BA-FBDDF33D4DDD}D:\otrkeys\half life 2\hl2.exe" = protocol=17 | dir=in | app=d:\otrkeys\half life 2\hl2.exe |
"UDP Query User{3CFCA7CB-F8D5-4D38-882E-7CBAD04EDBA3}C:\users\***\desktop\spiele\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\counter-strike\hl.exe |
"UDP Query User{43BE88E7-81B0-4037-A728-9C951B36B857}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{46420E65-9F12-4499-83E3-AF8A5BA443F7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4E829E1F-006E-4008-A443-B7823F702809}C:\users\***\desktop\rtmpexplorer\rtmpsuck.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsuck.exe |
"UDP Query User{7862F8CC-D874-4AB6-9420-731514C46D4E}C:\users\***\desktop\rtmpexplorer\rtmpsrv-vlc.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsrv-vlc.exe |
"UDP Query User{8AFAB0C8-B6AF-4249-8165-A44E6A732358}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{9BC3E318-FE74-41DA-AC25-37DBF2F26A76}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe |
"UDP Query User{9F83E311-E63A-4BCD-AFE7-E73DA7C3BDDD}C:\users\***\desktop\spiele\age of empires ii the conquerors\empires2.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\age of empires ii the conquerors\empires2.exe |
"UDP Query User{AD73F28C-6F93-4B4F-A298-6BB14E839B3F}C:\users\***\desktop\spiele\counter-strike\hltv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\counter-strike\hltv.exe |
"UDP Query User{C1F48B88-241A-4F64-A193-96067218892B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{F20CFA62-8AC7-479F-A088-3CFD997EC4E1}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D04B2F4-BD8F-B8CE-DC9F-54369EC2783A}" = AMD Fuel
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}" = AMD Catalyst Install Manager
"{3C32C938-3071-BEF0-1EA5-403A420031A0}" = ccc-utility64
"{3F372A41-8007-012F-F5AE-685F588FC897}" = AMD Media Foundation Decoders
"{48E18BB4-394D-4976-AB9D-716F9302A942}" = BrowseToSave
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ffdshow64_is1" = ffdshow x64 v1.1.3476 [2010-06-15]
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinGimp-2.0_is1" = GIMP 2.6.8
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2461E016-9FB4-B233-A74D-91D11A664342}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51002784-18FA-8FF9-9A1A-2468E7FCA096}" = Catalyst Control Center Graphics Previews Common
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{BAAE49C1-2844-4614-BCB9-1485569E344D}" = pdfforge Toolbar v6.9
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" =
"{C454E7DD-A09A-6D06-7FF9-59753475FC09}" = AMD VISION Engine Control Center
"{CE23BD08-F6FD-3337-D8BC-5B55E69263A5}" = Catalyst Control Center InstallProxy
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D4911E92-A059-4901-8AB3-8638B6D96456}_is1" = Groovedown Version 0.84
"{DA109884-7CDC-5F21-5F0B-742AA74F84E1}" = Catalyst Control Center Localization All
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2471277-4C40-44B8-9A5D-D170F237673C}" = TubeBox
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.3.4
"Audacity_is1" = Audacity 2.0.2
"AudibleManager" = AudibleManager
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crimson Editor SVN286M" = Crimson Editor SVN286M
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ffdshow_is1" = ffdshow v1.1.3476 [2010-06-15]
"FileZilla Client" = FileZilla Client 3.6.0.2
"Fraps" = Fraps (remove only)
"Free Videos To DVD_is1" = Free Videos To DVD V 4.0.0
"Groovedown" = Groovedown
"HotspotShield" = Hotspot Shield 2.88
"ImgBurn" = ImgBurn
"LAME_is1" = LAME v3.99.3 (for Windows)
"MAGIX_{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Postal 2" = Postal 2
"RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 3.01
"SP_f2a323db" =
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Textaizer Pro_is1" = Textaizer Pro v4.0
"The KMPlayer" = The KMPlayer (remove only)
"tint" = Tint
"TmNationsForever_is1" = TmNationsForever
"TubeBox 3.5.3" = TubeBox
"VLC media player" = VLC media player 1.1.11
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WinX DVD Author_is1" = WinX DVD Author 6.2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.04.2013 16:36:09 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15320
Error - 08.04.2013 16:36:13 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.04.2013 16:36:13 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19454
Error - 08.04.2013 16:36:13 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19454
Error - 08.04.2013 16:36:14 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.04.2013 16:36:14 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 20452
Error - 08.04.2013 16:36:14 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 20452
Error - 08.04.2013 16:36:18 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.04.2013 16:36:18 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24851
Error - 08.04.2013 16:36:18 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24851
[ System Events ]
Error - 06.04.2013 04:20:52 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 06.04.2013 04:37:28 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Hotspot Shield Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 06.04.2013 04:37:40 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 06.04.2013 04:37:42 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 06.04.2013 09:05:32 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Hotspot Shield Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 06.04.2013 09:05:44 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet.
Dies ist bereits 2 Mal passiert.
Error - 06.04.2013 09:06:44 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 06.04.2013 09:55:01 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 09.04.2013 02:48:55 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarWind AE Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 09.04.2013 03:34:01 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarWind AE Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report >
Gmer.log: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-09 11:50:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a ST932032 rev.0003 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\kwtcapod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75]
.text C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75]
.text ... * 2
.text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75]
.text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75]
.text ... * 2
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1840] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_http_auth_create_response + 294 000000006ab32076 4 bytes [24, D9, B9, 68]
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1840] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_mp4_read_dec_config_descr + 435 000000006ab37283 4 bytes [74, 4C, 09, 66]
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1840] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70 000000006ab751a6 4 bytes [20, EF, B9, 68]
.text C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75]
.text C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x92 0xE4 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2E 0x06 0x6D 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0x00 0xF3 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0x10 0x6F 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x92 0xE4 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2E 0x06 0x6D 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0x00 0xF3 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0x10 0x6F 0x75 ...
---- EOF - GMER 2.1 ----
Finally, I would like to say thank you very much in advance for this service and for the help provided.
Mojodo