Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Computer gesperrt durch Bundespolizei

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.09.2012, 09:31   #1
Iknazio
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



Hallo Freunde,
ich habe mir den Trojaner eingefangen der mir mit dem formschönen aber ärgerlichen "Die Bundespolizei hat Ihren Rechner gesperrt" Bildchen den ganzen Rechner blockiert.

Rechner: Desktop-Rechner
IntelCore2 Quad Q6600, 2,4GHz
3072MB SDRAM, 64bit
Windows Vista 32bit

Rechner wurde im abgesicherten Modus gestartet.
Die Bildschirm-Auflösung ist dann anders, keine Ahnung ob das normal ist.
Malware, OTL, Defogger und GMER liegen schon auf dem desktop bereit, aber ich kann, zwecks fehlender Internet-verbindung, kein update für malware machen. die rules.ref datei hab ich auf dem stick (von meinem Laptop rübergezogen) aber den Folder ProgrammData gibt's auf dem Desktop-Rechner nicht, was kann ich da machen?
Wohin soll ich die rules-datei kopieren?

Habe schon einiges hier gelesen und da ich mich nicht wirklich gut, im Sinne von schlecht, mit meinem Rechner auskenne, ist mir schon Angst und Bange davor was nun kommt.
Ich hatte noch nie sowas...

Ich hoffe Ihr bringt mich da durch, wünsche Euch und mir Geduld :-)

Vielen Dank schonmal für die Hilfe

cheerio
Iknazio

ok, hab die "mbam-rules.exe" runtergeladen, scheint zu funktionieren.
scan läuft, werde dann die logs posten.

Alt 20.09.2012, 11:59   #2
Iknazio
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



log dateien von malware angehängt.
__________________


Alt 20.09.2012, 12:08   #3
Iknazio
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



sorry, vergesst den anhang, da waren 2 abgebrochene versuche dabei ;-)
hier jetzt das richtige...

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.17.07

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
zankit :: ZANKIT-SERVER [Administrator]

20.09.2012 11:12:13
mbam-log-2012-09-20 (11-12-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 417279
Laufzeit: 49 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\zankit\ms.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Defogger hat nix

hier das OTL log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.09.2012 13:03:50 - Run 1
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\zankit\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,73% Memory free
6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 301,61 Gb Free Space | 67,66% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,92 Gb Free Space | 54,61% Space Free | Partition Type: FAT32
 
Computer Name: ZANKIT-SERVER | User Name: zankit | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.19 11:24:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.29 15:48:42 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.02.02 23:08:12 | 001,722,368 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzArchive10.tgp
MOD - [2007.03.12 23:34:20 | 000,162,304 | ---- | M] () -- C:\Windows\System32\ztvunrar36.dll
MOD - [2006.05.14 13:03:54 | 000,655,360 | ---- | M] () -- C:\Programme\TUGZip\TzShell.dll
MOD - [2005.02.17 23:15:22 | 000,077,824 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzImage10.tgp
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 11:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012.09.04 09:26:36 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.11 21:09:16 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011.06.02 18:10:46 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010.11.30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010.10.20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.09.23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Hofer Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.09.07 11:07:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Programme\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012.09.07 11:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012.09.07 11:07:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Programme\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012.08.01 10:51:35 | 000,228,376 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012.08.01 10:51:35 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011.07.01 09:35:47 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Programme\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011.06.02 18:10:47 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011.03.24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010.11.29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010.11.29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010.08.20 18:41:52 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010.08.20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- c:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010.05.13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.13 17:57:04 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{A812E1BB-14C4-405E-B824-F4E508228D59}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-at&FORM=IEFM&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=V54OEHjrmOsMZdOgBFq8ciS8jUw?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{A812E1BB-14C4-405E-B824-F4E508228D59}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-at&FORM=IEFM&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://search.myheritage.com/"
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=1157&systemid=1&sr=0&q="
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\zankit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.06.05 13:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012.06.11 11:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 13:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 16:27:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012.06.11 11:09:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
 
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Extensions
[2012.08.20 14:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions
[2009.10.01 12:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.10 12:58:13 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012.02.09 12:57:09 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2011.06.10 13:08:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\engine@conduit.com
[2011.04.06 11:26:55 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\ffxtlbr@Facemoods.com
[2012.08.20 14:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\staged
[2010.10.10 16:46:56 | 000,004,669 | ---- | M] () (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\firefox\profiles\m914852j.default\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
[2011.08.16 10:07:48 | 000,000,935 | ---- | M] () -- C:\Users\zankit\AppData\Roaming\mozilla\firefox\profiles\m914852j.default\searchplugins\conduit.xml
[2012.05.10 12:57:54 | 000,002,517 | ---- | M] () -- C:\Users\zankit\AppData\Roaming\mozilla\firefox\profiles\m914852j.default\searchplugins\Search_Results.xml
[2012.09.13 16:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.19 14:23:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.29 09:11:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.13 16:27:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.06.11 11:09:23 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012.03.19 14:23:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.06 11:26:55 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.10 12:57:54 | 000,002,517 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Facemoods = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\
CHR - Extension: Google Mail = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [gjohsjyxjgqrkda] C:\ProgramData\gjohsjyx.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\zankit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B7C135-B02D-4EA3-A6BB-EAB071E7C218}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4F6B54-CC46-486E-83FC-323E81F62EA8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\zankit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\zankit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.07 12:08:34 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell\AutoRun\command - "" = I:\DVD-WRITER.exe
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.20 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Malwarebytes
[2012.09.20 10:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.20 10:13:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.20 10:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.20 10:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.20 10:12:12 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
[2012.09.20 10:10:57 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.18 18:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\deahgmifjhzytbh
[2012.09.07 11:07:30 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012.09.03 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\zankit\Documents\Ahnenblatt
[2012.09.03 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
[2012.09.03 19:32:36 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2012.09.03 19:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ahnenblatt
[2012.09.03 19:32:13 | 004,697,808 | ---- | C] (Dirk Boettcher                                              ) -- C:\Users\zankit\Desktop\absetup.exe
[2012.09.03 19:29:48 | 000,000,000 | ---D | C] -- C:\Users\zankit\Documents\MyHeritage
[2012.09.03 19:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\MyHeritage
[2012.08.28 11:38:27 | 000,000,000 | ---D | C] -- C:\Users\zankit\Desktop\stencils_icons
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\zankit\Desktop\*.tmp files -> C:\Users\zankit\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 13:00:54 | 000,000,000 | ---- | M] () -- C:\Users\zankit\defogger_reenable
[2012.09.20 12:57:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.20 12:18:18 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 12:18:17 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 12:18:16 | 000,110,669 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.20 10:49:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 10:09:18 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.20 10:09:17 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.20 10:09:17 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.20 10:09:17 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.19 12:50:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 11:44:10 | 000,302,592 | ---- | M] () -- C:\Users\zankit\Desktop\0u8mvzqu.exe
[2012.09.19 11:24:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
[2012.09.19 11:20:12 | 000,050,477 | ---- | M] () -- C:\Users\zankit\Desktop\Defogger.exe
[2012.09.19 10:39:12 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.18 18:35:34 | 000,110,669 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.18 18:22:08 | 000,076,348 | ---- | M] () -- C:\ProgramData\eqqivvaivoarqqp
[2012.09.18 18:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.18 18:19:57 | 000,080,896 | ---- | M] () -- C:\ProgramData\gjohsjyx.exe
[2012.09.18 17:56:35 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.17 17:23:08 | 000,005,603 | ---- | M] () -- C:\Users\zankit\Desktop\Rückmeldung Grillfest 2012.pdf
[2012.09.12 18:34:53 | 000,009,322 | ---- | M] () -- C:\Users\zankit\Desktop\cooltext762715016.jpg
[2012.09.12 18:16:05 | 000,029,160 | ---- | M] () -- C:\Users\zankit\Desktop\gregsotherhand.zip
[2012.09.12 11:10:04 | 000,180,783 | ---- | M] () -- C:\Users\zankit\Desktop\001.jpg
[2012.09.12 10:45:26 | 000,039,565 | ---- | M] () -- C:\Users\zankit\Desktop\id-156493_f2ea3e8260baf1f427afc46534301b4c.jpg
[2012.09.12 10:24:02 | 001,561,037 | ---- | M] () -- C:\Users\zankit\Desktop\Mainz_Museumsnacht_Plakat_abgerissen_rot.jpg
[2012.09.12 10:23:40 | 000,307,214 | ---- | M] () -- C:\Users\zankit\Desktop\abgerissene-plakate.jpg
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.07 11:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012.09.06 09:45:00 | 000,220,711 | ---- | M] () -- C:\Users\zankit\Desktop\gretschhouse5.jpg
[2012.09.04 11:57:51 | 000,002,509 | ---- | M] () -- C:\Users\zankit\Desktop\se femilie.csv
[2012.09.03 19:32:38 | 000,001,714 | ---- | M] () -- C:\Users\zankit\Desktop\Ahnenblatt.lnk
[2012.09.03 19:32:16 | 004,697,808 | ---- | M] (Dirk Boettcher                                              ) -- C:\Users\zankit\Desktop\absetup.exe
[2012.09.03 19:27:07 | 029,083,344 | ---- | M] () -- C:\Users\zankit\Desktop\family_tree_builder_5634i.exe
[2012.08.28 15:50:54 | 000,048,508 | ---- | M] () -- C:\Users\zankit\Desktop\akustische-gitarre-t10447.jpg
[2012.08.27 10:58:13 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.08.22 12:08:00 | 000,017,439 | ---- | M] () -- C:\Users\zankit\Desktop\Invoice James J Halford No. 051.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\zankit\Desktop\*.tmp files -> C:\Users\zankit\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.20 13:00:54 | 000,000,000 | ---- | C] () -- C:\Users\zankit\defogger_reenable
[2012.09.20 10:13:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 10:12:29 | 000,050,477 | ---- | C] () -- C:\Users\zankit\Desktop\Defogger.exe
[2012.09.20 10:11:24 | 000,302,592 | ---- | C] () -- C:\Users\zankit\Desktop\0u8mvzqu.exe
[2012.09.18 18:22:08 | 000,080,896 | ---- | C] () -- C:\ProgramData\gjohsjyx.exe
[2012.09.18 18:19:58 | 000,076,348 | ---- | C] () -- C:\ProgramData\eqqivvaivoarqqp
[2012.09.17 17:23:06 | 000,005,603 | ---- | C] () -- C:\Users\zankit\Desktop\Rückmeldung Grillfest 2012.pdf
[2012.09.12 18:34:53 | 000,009,322 | ---- | C] () -- C:\Users\zankit\Desktop\cooltext762715016.jpg
[2012.09.12 18:16:05 | 000,029,160 | ---- | C] () -- C:\Users\zankit\Desktop\gregsotherhand.zip
[2012.09.12 11:10:04 | 000,180,783 | ---- | C] () -- C:\Users\zankit\Desktop\001.jpg
[2012.09.12 10:45:26 | 000,039,565 | ---- | C] () -- C:\Users\zankit\Desktop\id-156493_f2ea3e8260baf1f427afc46534301b4c.jpg
[2012.09.12 10:24:02 | 001,561,037 | ---- | C] () -- C:\Users\zankit\Desktop\Mainz_Museumsnacht_Plakat_abgerissen_rot.jpg
[2012.09.12 10:23:40 | 000,307,214 | ---- | C] () -- C:\Users\zankit\Desktop\abgerissene-plakate.jpg
[2012.09.06 09:45:00 | 000,220,711 | ---- | C] () -- C:\Users\zankit\Desktop\gretschhouse5.jpg
[2012.09.04 11:57:51 | 000,002,509 | ---- | C] () -- C:\Users\zankit\Desktop\se femilie.csv
[2012.09.03 19:32:38 | 000,001,714 | ---- | C] () -- C:\Users\zankit\Desktop\Ahnenblatt.lnk
[2012.09.03 19:26:32 | 029,083,344 | ---- | C] () -- C:\Users\zankit\Desktop\family_tree_builder_5634i.exe
[2012.08.28 15:50:54 | 000,048,508 | ---- | C] () -- C:\Users\zankit\Desktop\akustische-gitarre-t10447.jpg
[2012.08.27 10:49:37 | 000,131,072 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012.08.22 12:08:00 | 000,017,439 | ---- | C] () -- C:\Users\zankit\Desktop\Invoice James J Halford No. 051.odt
[2012.01.27 14:24:41 | 003,445,337 | ---- | C] () -- C:\Users\zankit\ROUGH_Shake_01.mp3
[2012.01.27 14:24:41 | 002,811,497 | ---- | C] () -- C:\Users\zankit\roughmix fight_01.mp3
[2011.06.25 08:42:02 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.06.25 08:42:02 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.04.19 08:43:00 | 000,998,677 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.04.05 14:17:18 | 000,120,075 | ---- | C] () -- C:\Users\zankit\Interessenbogen_WJ.pdf
[2010.11.11 16:09:50 | 000,389,302 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - Lebenslauf +.pdf
[2010.10.25 13:14:44 | 000,000,076 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\Default.PLS
[2010.10.07 09:48:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Space Choir
[2010.10.07 09:48:02 | 000,000,268 | RH-- | C] () -- C:\Users\zankit\AppData\Roaming\Solid Colors
[2010.10.07 09:48:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.10.07 09:48:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Automatic Filter
[2010.10.07 09:46:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Jazz
[2010.10.07 09:46:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Spacious
[2010.10.07 09:46:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\BSD
[2010.10.07 09:33:45 | 000,000,268 | RH-- | C] () -- C:\Users\zankit\AppData\Roaming\Sound Effects
[2010.10.07 09:29:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.07.08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010.06.20 11:42:42 | 000,110,669 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.20 11:36:10 | 000,110,669 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.28 08:54:57 | 000,000,760 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\setup_ldm.iss
[2010.03.10 16:30:22 | 000,389,715 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - CV+.pdf
[2010.03.08 19:42:41 | 000,384,593 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - Lebenslauf.pdf
[2010.02.23 10:17:38 | 000,000,025 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\bdfvconp.ini
[2009.09.09 11:27:39 | 000,326,518 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - CV.pdf
[2009.05.05 20:26:04 | 000,008,879 | ---- | C] () -- C:\Users\zankit\ztet_03.jpg
[2009.05.05 20:25:58 | 000,006,362 | ---- | C] () -- C:\Users\zankit\ztet_02.jpg
[2009.05.05 20:25:53 | 000,011,644 | ---- | C] () -- C:\Users\zankit\ztet_08.jpg
[2009.05.05 20:25:37 | 000,048,612 | ---- | C] () -- C:\Users\zankit\ztet_01.jpg
[2009.05.05 20:25:32 | 000,005,686 | ---- | C] () -- C:\Users\zankit\ztet_07.jpg
[2009.05.05 20:23:11 | 000,005,500 | ---- | C] () -- C:\Users\zankit\ztet_04.gif
[2009.04.04 12:31:19 | 000,047,994 | ---- | C] () -- C:\Users\zankit\sylvia logo.pdf
[2008.08.17 13:16:05 | 290,538,496 | ---- | C] () -- C:\Users\zankit\postein17808.pst
[2008.08.17 13:11:31 | 001,033,216 | ---- | C] () -- C:\Users\zankit\kal17808.pst
[2008.08.17 13:02:57 | 542,458,880 | ---- | C] () -- C:\Users\zankit\backup.pst
[2008.07.18 09:59:29 | 000,007,916 | ---- | C] () -- C:\Users\zankit\AppData\Local\d3d9caps.dat
[2008.07.17 22:49:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.17 14:41:28 | 000,060,928 | ---- | C] () -- C:\Users\zankit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2011.02.27 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\4Media
[2012.09.04 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2011.11.15 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Bitcoin
[2011.04.19 09:20:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\BitDefender
[2012.07.18 17:09:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Blender Foundation
[2012.09.18 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Dropbox
[2012.04.25 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FileZilla
[2011.04.11 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeAudioPack
[2011.04.11 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeCDRipper
[2011.08.12 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\go
[2010.05.29 09:48:54 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Leadertech
[2012.05.10 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\MusicNet
[2012.07.27 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Need for Speed World
[2010.10.07 09:48:06 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nikon
[2010.06.23 13:55:22 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nokia
[2011.04.19 08:01:08 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Opera
[2010.06.22 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\PC Suite
[2009.10.22 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Peace Craft
[2011.04.19 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\QuickScan
[2008.12.05 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Spellborn Downloader
[2008.07.20 17:15:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ulead Systems
[2011.11.14 12:19:01 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
[/code]

und die extras:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 20.09.2012 13:03:50 - Run 1
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\zankit\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,73% Memory free
6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 301,61 Gb Free Space | 67,66% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,92 Gb Free Space | 54,61% Space Free | Partition Type: FAT32
 
Computer Name: ZANKIT-SERVER | User Name: zankit | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23C976A4-26AF-45AE-ADC3-B2A82E809AA9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2874F68B-6188-41E5-90C3-6455BF27DAC4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2AE23A41-F785-492F-A4AA-D2CF90AB2870}" = lport=139 | protocol=6 | dir=in | app=system | 
"{31BF188F-F03A-4506-9255-2E959B578967}" = rport=445 | protocol=6 | dir=out | app=system | 
"{325F69B8-8234-4652-A89F-D52C0F2C67E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3DD2844B-8D18-451E-B080-2234F4C7D2AB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4A3DAFFD-4021-4DB1-B216-C76FEB3FF143}" = lport=138 | protocol=17 | dir=in | app=system | 
"{629C4A15-E494-40B0-8894-0BB31BAFE1DA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7C632FB1-A609-4F9D-80E0-81D59585A696}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{871D9D25-F4D0-4276-BB27-D222F5155406}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C807128E-6720-4A65-B756-25ABC5F2F4F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{D54F48D0-5D52-4201-A6DD-FA456D7C2D5D}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{F9E68322-A962-4815-8B0F-6DB750897175}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1379CFE5-D837-4D16-9F8B-FE96B4A4E816}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{155E6A4D-75DC-4000-ACC0-A173323331CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{19F68800-AD9B-4DA2-A174-B338AA33697C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{1D50B077-71E3-497E-AF08-C48CE8D230FB}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{2762AB4E-4B03-4AF9-8A8F-D75EB12BC7D5}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{291992A6-7727-4C90-A93D-2A79383AB60B}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{2BB0880D-4062-4870-A82B-4DD467000435}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{33DC2FEC-4BDF-4454-A991-C7FD4FB786D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3A80D618-DACB-44F4-BB6D-3E90984764D1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3B53117B-C794-4BE4-96B8-E7FBEE574909}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{3BF3620B-C5C3-480B-A050-5ECE76375CC1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FEC34E3-63C1-48FE-A12E-B176B671E85F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{425C8777-B1A3-490F-97E6-E8BFA0894262}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{5224A520-6B18-492E-A075-B5AE6D4C1E63}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{558638E4-7F91-47DE-BD01-0D2056B26067}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{67083C61-3752-4086-BC28-ACF94319C2F9}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{71682D17-9300-4FF1-9220-D364A75E957A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{74B1150F-AB8A-4B8C-B166-C76494C21960}" = protocol=6 | dir=in | app=c:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe | 
"{87F09664-E8F6-4FCF-B68F-DB53F9EA3AA7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{9199742B-83D1-4C77-9E02-B18C1BE115F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9F6700FE-9205-4A77-9E8F-2166DC360AB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AC99D272-27E6-40A6-BDC3-98FB01FE17C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C68AC561-EAF6-404F-AC51-BB2374804646}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D0F44B58-4DD1-459A-9D18-F69E97D5885D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D7369D91-F35C-473D-AF18-EFBD945D76BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DBA1E31C-AAE1-4E33-A795-4B9039A7352A}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{DF71B3C8-95EA-4368-AFBE-CBB0E3EAE071}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E49F89C5-AF78-47BF-921B-960E2FDB20F7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E4F39962-9A38-40AE-AD51-32E8D055D3AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E98A0256-E748-4E66-9823-AEB39A99C5F9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{EB96714E-DBB5-4F76-9382-F0928F4042DC}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"{F0496759-D4D5-4588-85C6-0B9EE7B3B6AD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{FC182528-E3E7-4728-B558-4A5A79CFF193}" = protocol=17 | dir=in | app=c:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{0BB2B016-A1F1-41B7-B05C-8CAE0DA28666}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"TCP Query User{1151ABA4-2B5F-4D70-B85C-DC9F508BCD18}C:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{31A372A4-AE64-4335-8255-A01A4FD63D51}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{6BACD7D3-AE33-4756-964D-D81E66D81234}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{93144B61-CDDA-4F21-B439-F7094DDA3512}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E3A34522-9695-44FA-9D1B-8D40E601F976}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{17613781-05E4-4F16-8119-ED5E00B990F1}C:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\zankit\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1D992755-3F51-4650-89CF-F9EB3440DFBA}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"UDP Query User{4F119F6E-89E6-4F45-8947-139CBB28B404}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"UDP Query User{AE740EF3-F32B-4757-B6D7-6F9813D9C0E4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D2A06792-AE48-4814-8015-C526387D189D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{FC4B4F59-E2BE-4276-B8DA-6B211F97832C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Internet Security 2011
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{E23FFC9A-5388-45F1-8BFB-61DA9A94CDF7}" = Skat 7.5
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ahnenblatt_is1" = Ahnenblatt 2.71
"BitDefender" = BitDefender Internet Security 2011
"Blender" = Blender
"CCleaner" = CCleaner
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"facemoods" = Facemoods Toolbar
"FileZilla Client" = FileZilla Client 3.1.3.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.64.1403" = Opera 11.64
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Rapport_msi" = Rapport
"STANDARDR" = Microsoft Office Standard 2007
"TUGZip_is1" = TUGZip 3.5
"Wincore MediaBar" = Wincore MediaBar
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Game Organizer" = EasyBits GO
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.09.2012 12:34:41 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.09.2012 06:50:21 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.09.2012 06:51:42 | Computer Name = zankit-Server | Source = RasClient | ID = 20227
Description = 
 
Error - 19.09.2012 06:53:40 | Computer Name = zankit-Server | Source = RasClient | ID = 20227
Description = 
 
Error - 20.09.2012 03:44:55 | Computer Name = zankit-Server | Source = EventSystem | ID = 4609
Description = 
 
Error - 20.09.2012 03:45:23 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.09.2012 04:05:48 | Computer Name = zankit-Server | Source = EventSystem | ID = 4609
Description = 
 
Error - 20.09.2012 04:06:31 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.09.2012 06:58:50 | Computer Name = zankit-Server | Source = EventSystem | ID = 4609
Description = 
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 20.08.2009 11:33:53 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 257845
 seconds with 1320 seconds of active time.  This session ended with a crash.
 
Error - 27.12.2009 09:31:05 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 101
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 08.02.2011 04:27:54 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.02.2011 05:21:11 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.07.2011 06:30:42 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 10095
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 02.09.2011 10:55:51 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 28316
 seconds with 1560 seconds of active time.  This session ended with a crash.
 
Error - 27.09.2011 05:12:58 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7517
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 14.10.2011 04:52:56 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6046
 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error - 30.11.2011 05:26:28 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2240
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 18.01.2012 13:09:43 | Computer Name = zankit-Server | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32167
 seconds with 2580 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.09.2012 06:59:10 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.09.2012 06:59:25 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.09.2012 06:59:26 | Computer Name = zankit-Server | Source = DCOM | ID = 10005
Description = 
 
Error - 20.09.2012 06:59:26 | Computer Name = zankit-Server | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---
[/code]

hab jetzt mal den pc im normalen modus gestartet und hab immernoch das schöne bildchen von der bundespolizei...
heul...

und jetzt?
__________________

Geändert von Iknazio (20.09.2012 um 12:24 Uhr)

Alt 24.09.2012, 11:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?



Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.09.2012, 13:12   #5
Iknazio
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



ja, das funktioniert.

hab jetzt auch gleich noch mal malware einen komplett-scan machen lassen, mit dem neuesten update und es wurde wieder was gefunden.
hier das log:

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
zankit :: ZANKIT-SERVER [Administrator]

24.09.2012 14:38:48
mbam-log-2012-09-24 (14-38-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418699
Laufzeit: 51 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gjohsjyxjgqrkda (Trojan.Winlock) -> Daten: C:\ProgramData\gjohsjyx.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\gjohsjyx.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

nochmal OTL drüberjagen?


Alt 24.09.2012, 18:53   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
--> Computer gesperrt durch Bundespolizei

Alt 25.09.2012, 16:51   #7
Iknazio
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



ohmann bin ich verseucht...
hier das eset log:

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a60d838779c03b4b93cbbd6a06f2827b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-25 03:48:37
# local_time=2012-09-25 05:48:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 45389610 186115369 0 0
# compatibility_mode=8192 67108863 100 0 119 119 0 0
# scanned=200453
# found=9
# cleaned=0
# scan_time=5476
C:\Program Files\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll	Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll	Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\iMesh Applications\MediaBar\Datamngr\DnsBHO.dll	Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll	Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\ProgramData\deahgmifjhzytbh\main.html	HTML/Ransom.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\deahgmifjhzytbh\main.html	HTML/Ransom.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\zankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NYV6M1Z\brand_files[1].7zip	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Users\zankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V14474CY\firstload_com[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
         

Alt 25.09.2012, 19:28   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.09.2012, 08:30   #9
Iknazio
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



Code:
ATTFilter
 # AdwCleaner v2.003 - Datei am 09/26/2012 um 09:29:33 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : zankit - ZANKIT-SERVER
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\zankit\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files\facemoods.com
Ordner Gefunden : C:\ProgramData\~0
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Ordner Gefunden : C:\Users\zankit\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\zankit\AppData\LocalLow\facemoods.com
Ordner Gefunden : C:\Users\zankit\AppData\LocalLow\mediabarim
Ordner Gefunden : C:\Users\zankit\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\ConduitCommon
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\CT2849855
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\engine@conduit.com
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\ffxtlbr@Facemoods.com
Ordner Gefunden : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\mediabarim

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\facemoods.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\facemoods.com
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Schlüssel Gefunden : HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4

-\\ Mozilla Firefox v6.0 (de)

Profilname : default 
Datei : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\prefs.js

Gefunden : user_pref("CT2849855..clientLogIsEnabled", false);
Gefunden : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Gefunden : user_pref("CT2849855.CT2849855", "CT2849855");
Gefunden : user_pref("CT2849855.CurrentServerDate", "25-9-2012");
Gefunden : user_pref("CT2849855.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2849855.DialogsGetterLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2849855.EMailNotifierPollDate", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedLastCount129349796701375473", 352);
Gefunden : user_pref("CT2849855.FeedPollDate129313974171006416", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313975698350231", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313976370850190", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313976648818968", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313977444757117", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313980389131455", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313980655381977", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313980886163259", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313981234756535", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313983226631720", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedPollDate129313983607725691", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Gefunden : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Gefunden : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Gefunden : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Gefunden : user_pref("CT2849855.FirstServerDate", "19-4-2012");
Gefunden : user_pref("CT2849855.FirstTime", true);
Gefunden : user_pref("CT2849855.FirstTimeFF3", true);
Gefunden : user_pref("CT2849855.FixPageNotFoundErrors", false);
Gefunden : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2849855.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2849855.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2849855.Initialize", true);
Gefunden : user_pref("CT2849855.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2849855.InstallationType", "Unknown");
Gefunden : user_pref("CT2849855.InstalledDate", "Thu Apr 19 2012 20:07:04 GMT+0200");
Gefunden : user_pref("CT2849855.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2849855.IsGrouping", false);
Gefunden : user_pref("CT2849855.IsInitSetupIni", true);
Gefunden : user_pref("CT2849855.IsMulticommunity", false);
Gefunden : user_pref("CT2849855.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2849855.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2849855.IsProtectorsInit", true);
Gefunden : user_pref("CT2849855.LanguagePackLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2849855.LastLogin_3.14.1.0", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.LastLogin_3.6.0.10", "Mon Aug 20 2012 14:20:42 GMT+0200");
Gefunden : user_pref("CT2849855.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2849855.Locale", "de");
Gefunden : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2849855.OriginalFirstVersion", "3.6.0.10");
Gefunden : user_pref("CT2849855.SearchEngineBeforeUnload", "Search Results");
Gefunden : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Gefunden : user_pref("CT2849855.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2849855.SearchProtectorEnabled", false);
Gefunden : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2849855.ServiceMapLastCheckTime", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.SettingsLastCheckTime", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gefunden : user_pref("CT2849855.SettingsLastUpdate", "1348495115");
Gefunden : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Tue Sep 25 2012 16:05:03 GMT+0200");
Gefunden : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
Gefunden : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Gefunden : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2849855.UserID", "UN03201696733962012");
Gefunden : user_pref("CT2849855.ValidationData_Toolbar", 1);
Gefunden : user_pref("CT2849855.WeatherNetwork", "");
Gefunden : user_pref("CT2849855.WeatherPollDate", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gefunden : user_pref("CT2849855.WeatherUnit", "C");
Gefunden : user_pref("CT2849855.alertChannelId", "1241896");
Gefunden : user_pref("CT2849855.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Gefunden : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6D6A6E6C746E7275");
Gefunden : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473737074727A74787B242F4B4947[...]
Gefunden : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gefunden : user_pref("CT2849855.backendstorage./9b-0?3g>d", "3E6840703F6E746F7A47797A7A20754C4E4D257E2021522A26[...]
Gefunden : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Gefunden : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Gefunden : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gefunden : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
Gefunden : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "3A3F6C3E6C6D6E6E7A774545487B79794B774C517B");
Gefunden : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6A6E6C746D776F717172");
Gefunden : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Gefunden : user_pref("CT2849855.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Gefunden : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Gefunden : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Gefunden : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gefunden : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Gefunden : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gefunden : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Tue Sep 25 2012 16:05:07 GMT+0200");
Gefunden : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2849855.initDone", true);
Gefunden : user_pref("CT2849855.isAppTrackingManagerOn", false);
Gefunden : user_pref("CT2849855.myStuffEnabled", true);
Gefunden : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2849855.revertSettingsEnabled", true);
Gefunden : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2849855.testingCtid", "");
Gefunden : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gefunden : user_pref("CT2849855.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ConduitSearchList", "BittorrentBar_DE Customized Web Search");
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"a57[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\zankit\\AppData\\Roaming\\Mozilla\\[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Gefunden : user_pref("CommunityToolbar.globalUserId", "f7112911-cc29-48d7-b4e7-04ed2a761d1f");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849855");
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Sep 25 2012 16:05:0[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Sep 25 2012 16:05:15 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 25 2012 16:05:07 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "3ae3c37e-0168-4121-8bef-92a67dcee737");
Gefunden : user_pref("browser.search.defaultenginename", "Search Results");
Gefunden : user_pref("browser.search.defaultthis.engineName", "BittorrentBar_DE Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&Sea[...]
Gefunden : user_pref("browser.search.order.1", "Search Results");
Gefunden : user_pref("browser.search.selectedEngine", "Search Results");
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.64.1403.0

Datei : C:\Users\zankit\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [24995 octets] - [26/09/2012 09:29:33]

########## EOF - C:\AdwCleaner[R1].txt - [25056 octets] ##########
         

Alt 26.09.2012, 15:27   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.09.2012, 15:40   #11
Iknazio
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



Code:
ATTFilter
 # AdwCleaner v2.003 - Datei am 09/26/2012 um 16:31:45 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : zankit - ZANKIT-SERVER
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\zankit\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files\facemoods.com
Ordner Gelöscht : C:\ProgramData\~0
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Ordner Gelöscht : C:\Users\zankit\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\zankit\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\zankit\AppData\LocalLow\mediabarim
Ordner Gelöscht : C:\Users\zankit\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\ConduitCommon
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\CT2849855
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\extensions\ffxtlbr@Facemoods.com
Ordner Gelöscht : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\mediabarim

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v6.0 (de)

Profilname : default 
Datei : C:\Users\zankit\AppData\Roaming\Mozilla\Firefox\Profiles\m914852j.default\prefs.js

Gelöscht : user_pref("CT2849855..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Gelöscht : user_pref("CT2849855.CT2849855", "CT2849855");
Gelöscht : user_pref("CT2849855.CurrentServerDate", "25-9-2012");
Gelöscht : user_pref("CT2849855.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2849855.DialogsGetterLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2849855.EMailNotifierPollDate", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedLastCount129349796701375473", 352);
Gelöscht : user_pref("CT2849855.FeedPollDate129313974171006416", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313975698350231", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313976370850190", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313976648818968", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313977444757117", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313980389131455", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313980655381977", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313980886163259", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313981234756535", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313983226631720", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedPollDate129313983607725691", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Gelöscht : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Gelöscht : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Gelöscht : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Gelöscht : user_pref("CT2849855.FirstServerDate", "19-4-2012");
Gelöscht : user_pref("CT2849855.FirstTime", true);
Gelöscht : user_pref("CT2849855.FirstTimeFF3", true);
Gelöscht : user_pref("CT2849855.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2849855.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2849855.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2849855.Initialize", true);
Gelöscht : user_pref("CT2849855.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2849855.InstallationType", "Unknown");
Gelöscht : user_pref("CT2849855.InstalledDate", "Thu Apr 19 2012 20:07:04 GMT+0200");
Gelöscht : user_pref("CT2849855.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2849855.IsGrouping", false);
Gelöscht : user_pref("CT2849855.IsInitSetupIni", true);
Gelöscht : user_pref("CT2849855.IsMulticommunity", false);
Gelöscht : user_pref("CT2849855.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2849855.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2849855.IsProtectorsInit", true);
Gelöscht : user_pref("CT2849855.LanguagePackLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2849855.LastLogin_3.14.1.0", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.LastLogin_3.6.0.10", "Mon Aug 20 2012 14:20:42 GMT+0200");
Gelöscht : user_pref("CT2849855.LatestVersion", "3.14.1.0");
Gelöscht : user_pref("CT2849855.Locale", "de");
Gelöscht : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2849855.OriginalFirstVersion", "3.6.0.10");
Gelöscht : user_pref("CT2849855.SearchEngineBeforeUnload", "Search Results");
Gelöscht : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Gelöscht : user_pref("CT2849855.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2849855.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2849855.ServiceMapLastCheckTime", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.SettingsLastCheckTime", "Tue Sep 25 2012 16:05:04 GMT+0200");
Gelöscht : user_pref("CT2849855.SettingsLastUpdate", "1348495115");
Gelöscht : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Tue Sep 25 2012 16:05:03 GMT+0200");
Gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
Gelöscht : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Gelöscht : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2849855.UserID", "UN03201696733962012");
Gelöscht : user_pref("CT2849855.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2849855.WeatherNetwork", "");
Gelöscht : user_pref("CT2849855.WeatherPollDate", "Tue Sep 25 2012 16:05:05 GMT+0200");
Gelöscht : user_pref("CT2849855.WeatherUnit", "C");
Gelöscht : user_pref("CT2849855.alertChannelId", "1241896");
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6D6A6E6C746E7275");
Gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473737074727A74787B242F4B4947[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g>d", "3E6840703F6E746F7A47797A7A20754C4E4D257E2021522A26[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Gelöscht : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gelöscht : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "3A3F6C3E6C6D6E6E7A774545487B79794B774C517B");
Gelöscht : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6A6E6C746D776F717172");
Gelöscht : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Gelöscht : user_pref("CT2849855.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Gelöscht : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Gelöscht : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Gelöscht : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gelöscht : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Gelöscht : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gelöscht : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Tue Sep 25 2012 16:05:07 GMT+0200");
Gelöscht : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2849855.initDone", true);
Gelöscht : user_pref("CT2849855.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2849855.myStuffEnabled", true);
Gelöscht : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2849855.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2849855.testingCtid", "");
Gelöscht : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Tue Sep 25 2012 16:05:06 GMT+0200");
Gelöscht : user_pref("CT2849855.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "BittorrentBar_DE Customized Web Search");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"a57[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\zankit\\AppData\\Roaming\\Mozilla\\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "f7112911-cc29-48d7-b4e7-04ed2a761d1f");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849855");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Sep 25 2012 16:05:0[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Sep 25 2012 16:05:15 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 25 2012 16:05:07 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "3ae3c37e-0168-4121-8bef-92a67dcee737");
Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "BittorrentBar_DE Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.64.1403.0

Datei : C:\Users\zankit\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [25200 octets] - [26/09/2012 16:31:45]

########## EOF - C:\AdwCleaner[S1].txt - [25261 octets] ##########
         

Alt 26.09.2012, 16:34   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.09.2012, 17:04   #13
Iknazio
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



Dachte mir schon, dass wir noch nicht fertig sind

Trotzdem schonmal 1000Dank, weil:

der normale modus scheint wieder zu gehen, startet und lädt in normaler Geschwindigeit, Office Programme öffnen brav, Internet läuft.
Im Start-Menü fehlt nichts, in allen Ordnern ist was drin, ich vermisse auf den ersten Blick Nichts.

Und jetzt?

Alt 27.09.2012, 11:36   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.09.2012, 12:30   #15
Iknazio
 
Computer gesperrt durch Bundespolizei - Standard

Computer gesperrt durch Bundespolizei



mein verseuchter rechner wollte OTL nicht runterladen,.. musste vom laptop über usb-stick rüberziehen,..

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.09.2012 12:53:32 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\zankit\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,63% Memory free
6,20 Gb Paging File | 4,67 Gb Available in Paging File | 75,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 297,93 Gb Free Space | 66,84% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,92 Gb Free Space | 54,61% Space Free | Partition Type: FAT32
Drive I: | 0,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 125,93 Mb Total Space | 82,75 Mb Free Space | 65,71% Space Free | Partition Type: FAT
 
Computer Name: ZANKIT-SERVER | User Name: zankit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.27 12:42:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
PRC - [2012.09.07 11:07:12 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Programme\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012.09.07 11:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012.05.03 16:11:22 | 013,006,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2011.07.11 21:09:17 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011.07.11 21:09:16 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011.06.02 18:11:23 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011.06.02 18:10:46 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Programme\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.25 13:30:08 | 001,840,424 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2008.06.03 18:36:42 | 000,095,232 | ---- | M] (CyberLink) -- C:\Windows\System32\CLWatson.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Programme\Trusteer\Rapport\bin\js32.dll
MOD - [2012.08.01 10:51:35 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.07.11 21:09:14 | 000,185,040 | ---- | M] () -- C:\Programme\BitDefender\BitDefender 2011\framework.dll
MOD - [2011.06.22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011.06.02 18:11:09 | 000,189,184 | ---- | M] () -- C:\Programme\BitDefender\BitDefender 2011\txmlutil.dll
MOD - [2011.06.02 18:11:09 | 000,109,344 | ---- | M] () -- C:\Programme\BitDefender\BitDefender 2011\connector.dll
MOD - [2011.05.26 20:18:44 | 000,136,536 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009.02.26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008.09.29 15:48:42 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2008.02.02 23:08:12 | 001,722,368 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzArchive10.tgp
MOD - [2007.03.12 23:34:20 | 000,162,304 | ---- | M] () -- C:\Windows\System32\ztvunrar36.dll
MOD - [2006.05.14 13:03:54 | 000,655,360 | ---- | M] () -- C:\Programme\TUGZip\TzShell.dll
MOD - [2005.02.17 23:15:22 | 000,077,824 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzImage10.tgp
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.26 18:20:52 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 11:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.11 21:09:16 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011.06.02 18:10:46 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010.11.30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010.10.20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.09.23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Hofer Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.09.07 11:07:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Programme\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012.09.07 11:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012.09.07 11:07:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Programme\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012.08.01 10:51:35 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012.08.01 10:51:35 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011.07.01 09:35:47 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Programme\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011.06.02 18:10:47 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011.03.24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010.11.29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010.11.29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010.08.20 18:41:52 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010.08.20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010.05.13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.13 17:57:04 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A812E1BB-14C4-405E-B824-F4E508228D59}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-at&FORM=IEFM&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://search.myheritage.com/"
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: FFToolbar@bitdefender.com:8.0
FF - prefs.js..extensions.enabledAddons: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.14.1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\zankit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.06.05 13:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012.06.11 11:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 13:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 16:27:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012.06.11 11:09:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
 
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Extensions
[2012.09.26 16:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions
[2009.10.01 12:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.13 16:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.19 14:23:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.29 09:11:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.13 16:27:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.06.11 11:09:23 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012.03.19 14:23:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\ZANKIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M914852J.DEFAULT\EXTENSIONS\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
File not found (No name found) -- C:\USERS\ZANKIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M914852J.DEFAULT\EXTENSIONS\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.06 11:26:55 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Google Mail = C:\Users\zankit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\zankit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B7C135-B02D-4EA3-A6BB-EAB071E7C218}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4F6B54-CC46-486E-83FC-323E81F62EA8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\zankit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\zankit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.07 12:08:34 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2007.02.08 05:09:56 | 000,000,235 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell\AutoRun\command - "" = I:\DVD-WRITER.exe
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.27 12:52:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
[2012.09.26 18:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2012.09.24 11:01:31 | 007,493,256 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-rules.exe
[2012.09.20 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Malwarebytes
[2012.09.20 10:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.20 10:13:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.20 10:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.20 10:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.20 10:10:57 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.18 18:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\deahgmifjhzytbh
[2012.09.07 11:07:30 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012.09.03 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\zankit\Documents\Ahnenblatt
[2012.09.03 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
[2012.09.03 19:32:36 | 000,000,000 | ---D | C] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2012.09.03 19:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ahnenblatt
[2012.09.03 19:32:13 | 004,697,808 | ---- | C] (Dirk Boettcher                                              ) -- C:\Users\zankit\Desktop\absetup.exe
[2012.09.03 19:29:48 | 000,000,000 | ---D | C] -- C:\Users\zankit\Documents\MyHeritage
[2012.09.03 19:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\MyHeritage
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\zankit\Desktop\*.tmp files -> C:\Users\zankit\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 12:54:25 | 000,628,508 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.27 12:54:25 | 000,595,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.27 12:54:25 | 000,126,252 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.27 12:54:25 | 000,103,876 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.27 12:51:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 12:51:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 12:42:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\zankit\Desktop\OTL.exe
[2012.09.27 12:42:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.27 12:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.27 09:42:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.27 09:24:50 | 000,110,669 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.27 09:24:50 | 000,110,669 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.27 09:24:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.26 18:11:08 | 000,001,024 | ---- | M] () -- C:\Users\zankit\.rnd
[2012.09.26 16:30:39 | 000,513,501 | ---- | M] () -- C:\Users\zankit\Desktop\adwcleaner.exe
[2012.09.20 13:00:54 | 000,000,000 | ---- | M] () -- C:\Users\zankit\defogger_reenable
[2012.09.20 11:08:44 | 007,493,256 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-rules.exe
[2012.09.20 10:49:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.19 11:44:10 | 000,302,592 | ---- | M] () -- C:\Users\zankit\Desktop\0u8mvzqu.exe
[2012.09.19 11:20:12 | 000,050,477 | ---- | M] () -- C:\Users\zankit\Desktop\Defogger.exe
[2012.09.19 10:39:12 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zankit\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.18 18:22:08 | 000,076,348 | ---- | M] () -- C:\ProgramData\eqqivvaivoarqqp
[2012.09.17 17:23:08 | 000,005,603 | ---- | M] () -- C:\Users\zankit\Desktop\Rückmeldung Grillfest 2012.pdf
[2012.09.12 18:34:53 | 000,009,322 | ---- | M] () -- C:\Users\zankit\Desktop\cooltext762715016.jpg
[2012.09.12 18:16:05 | 000,029,160 | ---- | M] () -- C:\Users\zankit\Desktop\gregsotherhand.zip
[2012.09.12 11:10:04 | 000,180,783 | ---- | M] () -- C:\Users\zankit\Desktop\001.jpg
[2012.09.12 10:45:26 | 000,039,565 | ---- | M] () -- C:\Users\zankit\Desktop\id-156493_f2ea3e8260baf1f427afc46534301b4c.jpg
[2012.09.12 10:24:02 | 001,561,037 | ---- | M] () -- C:\Users\zankit\Desktop\Mainz_Museumsnacht_Plakat_abgerissen_rot.jpg
[2012.09.12 10:23:40 | 000,307,214 | ---- | M] () -- C:\Users\zankit\Desktop\abgerissene-plakate.jpg
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.07 11:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012.09.06 09:45:00 | 000,220,711 | ---- | M] () -- C:\Users\zankit\Desktop\gretschhouse5.jpg
[2012.09.04 11:57:51 | 000,002,509 | ---- | M] () -- C:\Users\zankit\Desktop\se femilie.csv
[2012.09.03 19:32:38 | 000,001,714 | ---- | M] () -- C:\Users\zankit\Desktop\Ahnenblatt.lnk
[2012.09.03 19:32:16 | 004,697,808 | ---- | M] (Dirk Boettcher                                              ) -- C:\Users\zankit\Desktop\absetup.exe
[2012.09.03 19:27:07 | 029,083,344 | ---- | M] () -- C:\Users\zankit\Desktop\family_tree_builder_5634i.exe
[2012.08.28 15:50:54 | 000,048,508 | ---- | M] () -- C:\Users\zankit\Desktop\akustische-gitarre-t10447.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\zankit\Desktop\*.tmp files -> C:\Users\zankit\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.26 18:11:31 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2012.09.26 18:11:07 | 000,001,024 | ---- | C] () -- C:\Users\zankit\.rnd
[2012.09.26 16:30:39 | 000,513,501 | ---- | C] () -- C:\Users\zankit\Desktop\adwcleaner.exe
[2012.09.20 13:00:54 | 000,000,000 | ---- | C] () -- C:\Users\zankit\defogger_reenable
[2012.09.20 10:13:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 10:12:29 | 000,050,477 | ---- | C] () -- C:\Users\zankit\Desktop\Defogger.exe
[2012.09.20 10:11:24 | 000,302,592 | ---- | C] () -- C:\Users\zankit\Desktop\0u8mvzqu.exe
[2012.09.18 18:19:58 | 000,076,348 | ---- | C] () -- C:\ProgramData\eqqivvaivoarqqp
[2012.09.17 17:23:06 | 000,005,603 | ---- | C] () -- C:\Users\zankit\Desktop\Rückmeldung Grillfest 2012.pdf
[2012.09.12 18:34:53 | 000,009,322 | ---- | C] () -- C:\Users\zankit\Desktop\cooltext762715016.jpg
[2012.09.12 18:16:05 | 000,029,160 | ---- | C] () -- C:\Users\zankit\Desktop\gregsotherhand.zip
[2012.09.12 11:10:04 | 000,180,783 | ---- | C] () -- C:\Users\zankit\Desktop\001.jpg
[2012.09.12 10:45:26 | 000,039,565 | ---- | C] () -- C:\Users\zankit\Desktop\id-156493_f2ea3e8260baf1f427afc46534301b4c.jpg
[2012.09.12 10:24:02 | 001,561,037 | ---- | C] () -- C:\Users\zankit\Desktop\Mainz_Museumsnacht_Plakat_abgerissen_rot.jpg
[2012.09.12 10:23:40 | 000,307,214 | ---- | C] () -- C:\Users\zankit\Desktop\abgerissene-plakate.jpg
[2012.09.06 09:45:00 | 000,220,711 | ---- | C] () -- C:\Users\zankit\Desktop\gretschhouse5.jpg
[2012.09.04 11:57:51 | 000,002,509 | ---- | C] () -- C:\Users\zankit\Desktop\se femilie.csv
[2012.09.03 19:32:38 | 000,001,714 | ---- | C] () -- C:\Users\zankit\Desktop\Ahnenblatt.lnk
[2012.09.03 19:26:32 | 029,083,344 | ---- | C] () -- C:\Users\zankit\Desktop\family_tree_builder_5634i.exe
[2012.08.28 15:50:54 | 000,048,508 | ---- | C] () -- C:\Users\zankit\Desktop\akustische-gitarre-t10447.jpg
[2012.01.27 14:24:41 | 003,445,337 | ---- | C] () -- C:\Users\zankit\ROUGH_Shake_01.mp3
[2012.01.27 14:24:41 | 002,811,497 | ---- | C] () -- C:\Users\zankit\roughmix fight_01.mp3
[2011.06.25 08:42:02 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.06.25 08:42:02 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.04.19 08:43:00 | 000,998,677 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.04.05 14:17:18 | 000,120,075 | ---- | C] () -- C:\Users\zankit\Interessenbogen_WJ.pdf
[2010.11.11 16:09:50 | 000,389,302 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - Lebenslauf +.pdf
[2010.10.25 13:14:44 | 000,000,076 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\Default.PLS
[2010.10.07 09:48:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Space Choir
[2010.10.07 09:48:02 | 000,000,268 | RH-- | C] () -- C:\Users\zankit\AppData\Roaming\Solid Colors
[2010.10.07 09:48:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.10.07 09:48:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Automatic Filter
[2010.10.07 09:46:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Jazz
[2010.10.07 09:46:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Spacious
[2010.10.07 09:46:06 | 000,000,012 | RH-- | C] () -- C:\ProgramData\BSD
[2010.10.07 09:33:45 | 000,000,268 | RH-- | C] () -- C:\Users\zankit\AppData\Roaming\Sound Effects
[2010.10.07 09:29:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.07.08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010.06.20 11:42:42 | 000,110,669 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.20 11:36:10 | 000,110,669 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.28 08:54:57 | 000,000,760 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\setup_ldm.iss
[2010.03.10 16:30:22 | 000,389,715 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - CV+.pdf
[2010.03.08 19:42:41 | 000,384,593 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - Lebenslauf.pdf
[2010.02.23 10:17:38 | 000,000,025 | ---- | C] () -- C:\Users\zankit\AppData\Roaming\bdfvconp.ini
[2009.09.09 11:27:39 | 000,326,518 | ---- | C] () -- C:\Users\zankit\Thomas Eduard Zanki - CV.pdf
[2009.05.05 20:26:04 | 000,008,879 | ---- | C] () -- C:\Users\zankit\ztet_03.jpg
[2009.05.05 20:25:58 | 000,006,362 | ---- | C] () -- C:\Users\zankit\ztet_02.jpg
[2009.05.05 20:25:53 | 000,011,644 | ---- | C] () -- C:\Users\zankit\ztet_08.jpg
[2009.05.05 20:25:37 | 000,048,612 | ---- | C] () -- C:\Users\zankit\ztet_01.jpg
[2009.05.05 20:25:32 | 000,005,686 | ---- | C] () -- C:\Users\zankit\ztet_07.jpg
[2009.05.05 20:23:11 | 000,005,500 | ---- | C] () -- C:\Users\zankit\ztet_04.gif
[2009.04.04 12:31:19 | 000,047,994 | ---- | C] () -- C:\Users\zankit\sylvia logo.pdf
[2008.08.17 13:16:05 | 290,538,496 | ---- | C] () -- C:\Users\zankit\postein17808.pst
[2008.08.17 13:11:31 | 001,033,216 | ---- | C] () -- C:\Users\zankit\kal17808.pst
[2008.08.17 13:02:57 | 542,458,880 | ---- | C] () -- C:\Users\zankit\backup.pst
[2008.07.18 09:59:29 | 000,007,916 | ---- | C] () -- C:\Users\zankit\AppData\Local\d3d9caps.dat
[2008.07.17 22:49:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.17 14:41:28 | 000,060,928 | ---- | C] () -- C:\Users\zankit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.03.26 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\kaba\AppData\Roaming\BullGuard
[2011.02.27 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\4Media
[2012.09.04 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2011.11.15 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Bitcoin
[2011.04.19 09:20:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\BitDefender
[2012.07.18 17:09:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Blender Foundation
[2012.09.27 08:53:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Dropbox
[2012.04.25 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FileZilla
[2011.04.11 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeAudioPack
[2011.04.11 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeCDRipper
[2011.08.12 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\go
[2010.05.29 09:48:54 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Leadertech
[2012.05.10 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\MusicNet
[2012.07.27 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Need for Speed World
[2010.10.07 09:48:06 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nikon
[2010.06.23 13:55:22 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nokia
[2011.04.19 08:01:08 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Opera
[2010.06.22 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\PC Suite
[2009.10.22 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Peace Craft
[2011.04.19 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\QuickScan
[2008.12.05 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Spellborn Downloader
[2008.07.20 17:15:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ulead Systems
[2011.11.14 12:19:01 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.27 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\4Media
[2008.07.18 10:24:55 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Adobe
[2012.09.04 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ahnenblatt
[2012.05.22 11:00:09 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Apple Computer
[2011.11.15 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Bitcoin
[2011.04.19 09:20:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\BitDefender
[2012.07.18 17:09:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Blender Foundation
[2008.10.01 12:32:47 | 000,000,000 | R--D | M] -- C:\Users\zankit\AppData\Roaming\Brother
[2010.10.25 13:14:46 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\CyberLink
[2012.09.27 08:53:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Dropbox
[2012.04.25 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FileZilla
[2011.04.11 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeAudioPack
[2011.04.11 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\FreeCDRipper
[2011.08.12 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\go
[2010.12.18 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Google
[2008.07.17 14:09:29 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Identities
[2010.05.29 09:48:54 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Leadertech
[2008.07.17 15:07:29 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Macromedia
[2012.09.20 10:13:11 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Media Center Programs
[2012.04.27 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Media Player Classic
[2012.08.07 15:00:51 | 000,000,000 | --SD | M] -- C:\Users\zankit\AppData\Roaming\Microsoft
[2009.10.01 08:59:42 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Mozilla
[2012.05.10 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\MusicNet
[2012.07.27 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Need for Speed World
[2009.04.11 20:33:04 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nero
[2010.10.07 09:48:06 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nikon
[2010.06.23 13:55:22 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Nokia
[2011.04.19 08:01:08 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Opera
[2010.06.22 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\PC Suite
[2009.10.22 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Peace Craft
[2011.04.19 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\QuickScan
[2012.09.04 18:47:27 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Skype
[2011.05.29 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\skypePM
[2008.12.05 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Spellborn Downloader
[2008.08.02 20:48:18 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\teamspeak2
[2008.07.20 17:15:50 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Ulead Systems
[2011.11.14 12:19:01 | 000,000,000 | ---D | M] -- C:\Users\zankit\AppData\Roaming\Unity
 
< %APPDATA%\*.exe /s >
[2012.09.03 19:32:29 | 000,717,665 | ---- | M] () -- C:\Users\zankit\AppData\Roaming\Ahnenblatt\unins000.exe
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\zankit\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\zankit\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\zankit\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009.12.02 11:23:42 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\zankit\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.10.07 09:31:39 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\zankit\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2010.10.07 09:32:23 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\zankit\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.11.30 07:19:06 | 000,008,376 | ---- | M] () MD5=68F9AD291B0C16F6B4AAEBFC26960EFA -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avc3.sys
[2010.11.29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avckf.sys
[2010.05.13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\Windows\system32\drivers\bdfm.sys
[2011.03.24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\bdfsfltr.sys
[2010.05.13 16:52:30 | 000,105,808 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\Windows\system32\drivers\bdhv.sys
[2011.06.02 18:10:47 | 000,306,320 | ---- | M] (BitDefender S.R.L.) Unable to obtain MD5 -- C:\Windows\system32\drivers\trufos.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

Antwort

Themen zu Computer gesperrt durch Bundespolizei
abgesicherten, ahnung, bereit, bundestrojaner, computer, datei, eingefangen, freunde, gefangen, gen, gesperrt, gmer, hoffe, interne, kein update, kopieren, laptop, malware update, modus, rechner, rules.ref, schlecht, schonmal, stick, trojaner, update, vista, wirklich, zwecks



Ähnliche Themen: Computer gesperrt durch Bundespolizei


  1. PC durch Bundespolizei gesperrt
    Log-Analyse und Auswertung - 20.11.2013 (1)
  2. Computer gesperrt, Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (9)
  3. Bundespolizei Computer gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 04.02.2013 (12)
  4. computer gesperrt durch bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (2)
  5. Laptop mit Windows xp gesperrt durch Bundespolizei, Entsperrung nur durch Geld
    Log-Analyse und Auswertung - 25.01.2013 (34)
  6. computer gesperrt bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (21)
  7. Computer gesperrt durch Bundespolizei-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.10.2012 (19)
  8. Computer gesperrt, Bundespolizei
    Log-Analyse und Auswertung - 01.10.2012 (36)
  9. Computer gesperrt durch die "Bundespolizei", entsperrung durch Geld
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (22)
  10. Computer gesperrt durch Bundespolizei
    Log-Analyse und Auswertung - 06.09.2012 (8)
  11. Computer gesperrt - Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (6)
  12. Ihr Computer ist gesperrt - Bundespolizei
    Log-Analyse und Auswertung - 14.08.2012 (4)
  13. Bundespolizei-Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (40)
  14. Ihr Computer ist gesperrt- Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (2)
  15. Computer gesperrt / Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (8)
  16. Bundespolizei- Ihr Computer ist gesperrt
    Log-Analyse und Auswertung - 25.07.2012 (2)
  17. Ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt - Bundespolizei
    Log-Analyse und Auswertung - 15.06.2012 (1)

Zum Thema Computer gesperrt durch Bundespolizei - Hallo Freunde, ich habe mir den Trojaner eingefangen der mir mit dem formschönen aber ärgerlichen "Die Bundespolizei hat Ihren Rechner gesperrt" Bildchen den ganzen Rechner blockiert. Rechner: Desktop-Rechner IntelCore2 Quad - Computer gesperrt durch Bundespolizei...
Archiv
Du betrachtest: Computer gesperrt durch Bundespolizei auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.