
Pests of all kinds and how to fight them: Ukash Bundespolizei Trojan

28.10.2012, 18:27   #1
ichmagkekse

Hello,
I was given a friend's laptop because she caught the trojan referred to here as the Ukash Bundespolizei trojan.

As already described in another post, I created the OTLPENet CD and have already run the scan.

I am attaching the log files.

If further information is needed I will gladly supply it; otherwise I hope you may already be able to help me.

Many thanks in advance

28.10.2012, 22:34   #2
ryder
/// TB trainer

I am working on your topic and will get back to you with further instructions as quickly as possible.

Please note that all my replies must first be approved by a trainer before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience

29.10.2012, 10:30   #3
ryder
/// TB trainer

I will help you with your problem. A cleanup can involve a lot of work for you (and for me). Before we start, I have some reading material for you.
Quote:
Reading material:
Rules for the cleanup
For the cleanup to work, please read the following points carefully:
  • Please work through all steps in order. Please give me feedback on every step (log file or reply).
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread (in code tags if possible). Do not attach them unless I ask you to. It makes evaluating them harder for me.
  • Only obscure your name if it is absolutely necessary.
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • A request: please keep going until I or another helper tells you that you are "clean". Courtesy alone demands that, and the symptoms disappearing does not mean that all the malware has really been removed.
  • Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way.
Once you have read and understood all of that, you can get started!
Step 1:
Fix with OTLpe
Quote:
Warning: This script was written only for this user and this specific situation. Run on other computers, it can cause lasting damage!
Note: If you have obscured your user name, you must put your real name back in, otherwise the script will not work.
  • Boot the infected computer from the OTLpe CD and start OTLpe.
  • If you have no internet connection:
    1. Press Windows key + R > notepad (type it in) > OK
    2. Copy the fix script into the editor and save the file as Fix.txt
    3. Copy Fix.txt to a USB stick.
    4. Connect the stick to the infected computer and copy the file to the desktop.
  • Paste the script into the Custom Scans / Fixes field:
Code:
:OTL
O4 - HKU\Isy_ON_C..\Run: [qdkettigxsoewvq] C:\ProgramData\qdkettig.exe ()
[2012/10/06 08:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\tgwcfcouxpvxprt
[2012/10/06 08:04:56 | 000,076,348 | ---- | M] () -- C:\ProgramData\uuubwhqzrcceqel
         
  • Now please close all other programs.
  • Now please click the Fix button.
  • After the restart you will find a text document on your desktop. (It can also be found under C:\OTLpe\MovedFiles\<datum_nummer.log>)
  • Now copy the contents here into your thread, in code tags if possible.
Note: Running the command can take a few minutes, and OTLpe appears not to respond during that time. Please be patient!
Questions:
  • Can you now boot into normal mode again? (We are not finished yet, though.)

29.10.2012, 21:18   #4
ichmagkekse

Hello, and many thanks already for the fast and great help,

I entered the fix code, and here is the log file:
Code:
========== OTL ==========
Registry value HKEY_USERS\Isy_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\qdkettigxsoewvq deleted successfully.
C:\ProgramData\qdkettig.exe moved successfully.
C:\ProgramData\tgwcfcouxpvxprt folder moved successfully.
C:\ProgramData\uuubwhqzrcceqel moved successfully.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 10292012_221128
         
I also restarted the computer, so that works as well.
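
A cross-check a helper can run before moving on, as an added example that is not part of the thread or of OTL: it parses the fix script from post #3 and the OTLpe result log from post #4 and reports any scripted item the log does not confirm as deleted or moved. The line patterns are inferred only from the lines visible in this thread, and the function names are hypothetical.

```python
import re

# Fix script (post #3) and OTLpe result log (post #4), copied from the thread.
FIX_SCRIPT = r"""
:OTL
O4 - HKU\Isy_ON_C..\Run: [qdkettigxsoewvq] C:\ProgramData\qdkettig.exe ()
[2012/10/06 08:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\tgwcfcouxpvxprt
[2012/10/06 08:04:56 | 000,076,348 | ---- | M] () -- C:\ProgramData\uuubwhqzrcceqel
"""

RESULT_LOG = r"""
========== OTL ==========
Registry value HKEY_USERS\Isy_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\qdkettigxsoewvq deleted successfully.
C:\ProgramData\qdkettig.exe moved successfully.
C:\ProgramData\tgwcfcouxpvxprt folder moved successfully.
C:\ProgramData\uuubwhqzrcceqel moved successfully.
"""

# Patterns inferred from the lines above (assumption: other OTL line types exist
# and are simply ignored here).
# "O4 - <hive>..\Run: [<value name>] <target path> (...)"
O4_RUN = re.compile(r"^O4 - \S+?\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \([^)]*\)$")
# "[... | ... | ... | ...] -- <path>", optionally with "()" before the "--"
FILE_LINE = re.compile(r"^\[[^\]]*\]\s*(?:\([^)]*\)\s*)?-- (?P<path>.+)$")
# "Registry value <key>\\<value name> deleted successfully."
LOG_REG = re.compile(r"^Registry value .+\\\\(?P<name>[^\\]+) deleted successfully\.$")
# "<path> moved successfully." or "<path> folder moved successfully."
LOG_MOVE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")


def expected_targets(fix_script):
    """Return the set of (kind, value) items the fix script asks OTL to remove."""
    targets = set()
    for raw in fix_script.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            # A Run entry implies two actions: drop the value and move its target.
            targets.add(("registry_value", m["name"].lower()))
            targets.add(("path", m["path"].lower()))
            continue
        m = FILE_LINE.match(line)
        if m:
            targets.add(("path", m["path"].strip().lower()))
    return targets


def logged_actions(result_log):
    """Return the set of (kind, value) items the log reports as handled."""
    done = set()
    for raw in result_log.splitlines():
        line = raw.strip()
        m = LOG_REG.match(line)
        if m:
            done.add(("registry_value", m["name"].lower()))
            continue
        m = LOG_MOVE.match(line)
        if m:
            done.add(("path", m["path"].lower()))
    return done


def cross_check(fix_script, result_log):
    """Compare what was scripted with what the log confirms."""
    want = expected_targets(fix_script)
    done = logged_actions(result_log)
    return {
        "confirmed": sorted(want & done),
        "missing": sorted(want - done),      # scripted but not confirmed
        "unexpected": sorted(done - want),   # logged but never scripted
    }


if __name__ == "__main__":
    report = cross_check(FIX_SCRIPT, RESULT_LOG)
    for status, items in report.items():
        print(status)
        for kind, value in items:
            print(f"  {kind}: {value}")
```

An item listed under "missing" means the persistence entry or file may still be in place and the fix should be checked again before the next step.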

29.10.2012, 21:56   #5
ryder
/// TB trainer

Good!

We now need to carry on a little and see whether there is anything else.

Step 1:
AdwCleaner: find and remove adware

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post the contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
Step 2:
Custom scan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
  • Make sure that "Scan All Users" is checked!
  • Now copy the contents of the code box into the text box.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%PROGRAMFILES(X86)%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /10
%appdata%\*. 
%appdata%\*.* 
%appdata%\*.exe /s
%localappdata%\*. 
%localappdata%\*.*
%localappdata%\*.exe /s
%allusersprofile%\*. 
%allusersprofile%\*.*
%allusersprofile%\*.exe /s
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread (in CODE tags if possible)

__________________
Digital privateers against malware!
No help via PM!

29.10.2012, 22:40   #6
ichmagkekse

So, unfortunately the field is too short for both logs, so here is the adw log file first

Code:
# AdwCleaner v2.005 - Datei am 29/10/2012 um 23:05:37 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Isy - ISY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Isy\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Application Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Datei Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\searchplugins\icqplugin-3.xml
Ordner Gelöscht : C:\Program Files\Application Updater
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Isy\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\Conduit
Ordner Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\ConduitCommon
Ordner Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\CT2269050
Ordner Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Isy\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKCU\Software\pdfforge.org
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKLM\Software\pdfforge.org
Schlüssel Gelöscht : HKLM\Software\Search Settings
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18000

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (de)

Profilname : default 
Datei : C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\prefs.js

C:\Users\Isy\AppData\Roaming\Mozilla\Firefox\Profiles\xdbnt2my.default\user.js ... Gelöscht !

Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"0ab[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Isy\\AppData\\Roaming\\Mozilla\\Fir[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/07/dd/07caac7[...]
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "dvdvideosofttb");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 16 2011 14:58:55 GMT+01[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jun 26 2011 12:25:27 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 15:52:06 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{f03eca60-a993-4994-98d7-8858470f643d}");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Dec 29 2010 17:34:15 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "e7c1768d-8774-4360-8ebb-52c788b4f5e8");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.killedEngine", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Oct 14 2012 14:05:2[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Oct 14 2012 14:05:36 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Oct 14 2012 14:05:27 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "7f26457e-155a-41d5-883a-401c0c89ad63");
Gelöscht : user_pref("CommunityToolbar.undefined", "");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gelöscht : user_pref("browser.startup.homepage", "hxxp://start.icq.com/");
Gelöscht : user_pref("extensions.snipit.askTbInstalled", true);
Gelöscht : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&g[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Gelöscht : user_pref("startup.homepage_override_url", "hxxp://www.ask.com/?o=13166&l=dis");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Isy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [33820 octets] - [29/10/2012 23:05:37]

########## EOF - C:\AdwCleaner[S1].txt - [33881 octets] ##########
         

29.10.2012, 22:44   #7
ichmagkekse
 
And here is the OTL logfile as well

OTL Logfile:
Code:
OTL logfile created on: 29.10.2012 23:13:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Isy\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,02% Memory free
4,21 Gb Paging File | 2,98 Gb Available in Paging File | 70,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 16,17 Gb Free Space | 13,89% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,58 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
 
Computer Name: ISY-PC | User Name: Isy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.24 10:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isy\Desktop\OTL.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.03.07 12:21:23 | 000,261,632 | ---- | M] () -- C:\Users\Isy\Adobe Media Player\Adobe Media Player.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.23 12:39:23 | 002,641,920 | ---- | M] (pdfforge  hxxp://www.pdfforge.org/) -- C:\Program Files\PDFCreator\PDFCreator.exe
PRC - [2008.06.26 21:50:27 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008.01.31 13:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008.01.21 03:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.29 03:59:08 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2007.09.01 01:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.19 06:26:59 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.08.03 04:52:40 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
PRC - [2007.08.02 03:27:50 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.07.12 18:25:28 | 000,225,280 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.07.11 01:33:58 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.07.10 18:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.05.24 00:56:14 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.04.17 21:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.02.06 02:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 03:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.21 07:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.07 12:21:23 | 000,261,632 | ---- | M] () -- C:\Users\Isy\Adobe Media Player\Adobe Media Player.exe
MOD - [2008.06.26 21:50:27 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2007.11.28 17:59:42 | 003,702,784 | ---- | M] () -- C:\Program Files\PDFCreator\GS8.61\gs8.61\Bin\gsdll32.dll
MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.08.08 10:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.08.03 04:52:40 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
MOD - [2007.08.02 03:27:50 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 03:01:21 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.14 16:32:00 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.29 15:24:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.02.06 02:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.02 09:59:16 | 000,489,952 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2007.10.02 15:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.05 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.31 06:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.19 08:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007.06.19 08:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mgmt.sys -- (s816mgmt)
DRV - [2007.06.19 08:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816unic.sys -- (s816unic)
DRV - [2007.06.19 08:51:18 | 000,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816obex.sys -- (s816obex)
DRV - [2007.06.19 08:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816nd5.sys -- (s816nd5)
DRV - [2007.06.19 08:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007.06.19 08:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus)
DRV - [2007.03.22 06:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.26 19:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.17 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes\{8F7A06B7-E051-47C5-A403-59F1DFCD4CFB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.12.2.3
FF - prefs.js..extensions.enabledAddons: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.3
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 23:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.06 17:35:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Isy\AppData\Roaming\12004 [2012.05.04 12:30:57 | 000,000,000 | ---D | M]
 
[2008.12.08 16:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isy\AppData\Roaming\mozilla\Extensions
[2012.10.29 23:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isy\AppData\Roaming\mozilla\Firefox\Profiles\xdbnt2my.default\extensions
[2011.03.16 14:58:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Isy\AppData\Roaming\mozilla\Firefox\Profiles\xdbnt2my.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.29 13:40:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Isy\AppData\Roaming\mozilla\Firefox\Profiles\xdbnt2my.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.10.31 15:44:37 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-10.xml
[2009.12.23 13:55:23 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-11.xml
[2010.01.07 18:27:43 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-12.xml
[2010.03.02 16:57:57 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-13.xml
[2010.04.01 08:30:34 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-14.xml
[2011.03.31 16:27:03 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-15.xml
[2011.04.30 17:31:42 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-16.xml
[2011.05.24 18:34:55 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-17.xml
[2011.07.01 11:03:02 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-18.xml
[2011.09.11 13:39:07 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-19.xml
[2011.10.13 16:26:52 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-20.xml
[2011.10.29 09:59:10 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-21.xml
[2011.11.08 17:17:14 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-22.xml
[2011.11.13 17:17:55 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-23.xml
[2011.12.02 18:00:41 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-24.xml
[2011.12.22 12:01:30 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-25.xml
[2012.01.10 18:55:58 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-26.xml
[2012.01.17 13:01:26 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-27.xml
[2012.02.15 10:59:10 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-28.xml
[2012.02.16 15:00:11 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-29.xml
[2012.02.25 19:12:15 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-30.xml
[2012.04.29 15:25:31 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-31.xml
[2009.04.02 16:49:07 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-4.xml
[2009.05.05 15:43:17 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-5.xml
[2009.06.19 12:35:55 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-6.xml
[2009.07.26 15:23:10 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-7.xml
[2009.08.08 13:54:58 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-8.xml
[2009.09.13 17:14:32 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-9.xml
[2012.03.19 19:09:28 | 000,000,168 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin.gif
[2012.03.19 19:09:28 | 000,000,618 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin.src
[2008.12.12 19:23:54 | 000,002,158 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\MySpace.xml
[2012.07.06 09:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.25 14:45:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.06 09:38:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.09.25 10:56:15 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES\YTD TOOLBAR\FF
[2012.05.04 12:30:57 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\ISY\APPDATA\ROAMING\12004
File not found (No name found) -- C:\USERS\ISY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDBNT2MY.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\ISY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDBNT2MY.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
[2012.04.29 15:24:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.13 16:26:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.13 16:26:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.13 16:26:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.13 16:26:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.13 16:26:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.13 16:26:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Isy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Isy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Isy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Users\Isy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Users\Isy\Adobe Media Player\Adobe Media Player.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Isy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1222596421 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20081022122533 (PhotoBox uploader)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95370001-69DB-49F9-B4C9-843EC11EA280}: DhcpNameServer = 192.168.2.50
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Isy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Isy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{38c7833c-7cdf-11e1-b187-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{38c7833c-7cdf-11e1-b187-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{38c78352-7cdf-11e1-b187-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{38c78352-7cdf-11e1-b187-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{38c78361-7cdf-11e1-b187-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{38c78361-7cdf-11e1-b187-001fc67f864e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{648d15b7-b9dd-11e1-bd31-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{648d15b7-b9dd-11e1-bd31-001fc67f864e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ad7f4ff1-6db6-11e0-bb5c-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{ad7f4ff1-6db6-11e0-bb5c-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dd0039a7-7810-11e0-8b6d-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{dd0039a7-7810-11e0-8b6d-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dd0039b9-7810-11e0-8b6d-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{dd0039b9-7810-11e0-8b6d-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f52bbcc9-73f6-11e0-a40d-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{f52bbcc9-73f6-11e0-a40d-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f52bbce2-73f6-11e0-a40d-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{f52bbce2-73f6-11e0-a40d-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f8ed9620-7e79-11e1-9ae7-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ed9620-7e79-11e1-9ae7-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f8ed962c-7e79-11e1-9ae7-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ed962c-7e79-11e1-9ae7-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.30 03:11:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.29 23:02:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Isy\Desktop\OTL.exe
[2012.10.27 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Isy\AppData\Roaming\Malwarebytes
[2012.10.27 12:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.27 12:52:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.27 12:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.14 16:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.14 16:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.14 16:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.14 16:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.10.14 14:01:08 | 020,664,552 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Isy\Desktop\FreeYouTubeToMP3Converter33.exe
[2012.10.07 20:16:32 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.11.10 18:49:59 | 015,184,088 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Isy\FreeYouTubeToMP3Converter.exe
[1 C:\Users\Isy\AppData\Roaming\*.tmp files -> C:\Users\Isy\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.29 23:13:46 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.29 23:13:46 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.29 23:13:46 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.29 23:13:46 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.29 23:09:04 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{22A22202-E31B-49CA-AAA7-3D805DF235C4}.job
[2012.10.29 23:07:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.29 23:07:17 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 23:07:17 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 23:07:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.29 23:07:08 | 2136,248,320 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.29 23:06:02 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.29 23:02:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.29 22:20:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.29 22:16:35 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.10.29 21:58:24 | 000,538,941 | ---- | M] () -- C:\Users\Isy\Desktop\adwcleaner.exe
[2012.10.27 13:13:12 | 000,001,356 | ---- | M] () -- C:\Users\Isy\AppData\Local\d3d9caps.dat
[2012.10.27 13:01:36 | 000,125,952 | ---- | M] () -- C:\Users\Isy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.24 10:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isy\Desktop\OTL.exe
[2012.10.14 16:14:06 | 000,004,303 | ---- | M] () -- C:\Users\Isy\Stellenangebote.abw
[2012.10.14 14:02:22 | 020,664,552 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Isy\Desktop\FreeYouTubeToMP3Converter33.exe
[2012.10.06 11:34:28 | 000,001,158 | ---- | M] () -- C:\Users\Isy\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.01 08:54:30 | 000,058,725 | ---- | M] () -- C:\Users\Isy\tumblr_lw0t3m5VhO1qiek4fo1_500.jpg
[1 C:\Users\Isy\AppData\Roaming\*.tmp files -> C:\Users\Isy\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.29 23:02:53 | 000,538,941 | ---- | C] () -- C:\Users\Isy\Desktop\adwcleaner.exe
[2012.10.29 22:15:34 | 2136,248,320 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.14 16:14:06 | 000,004,303 | ---- | C] () -- C:\Users\Isy\Stellenangebote.abw
[2012.10.01 08:54:30 | 000,058,725 | ---- | C] () -- C:\Users\Isy\tumblr_lw0t3m5VhO1qiek4fo1_500.jpg
[2012.09.02 12:24:58 | 000,032,367 | ---- | C] () -- C:\Users\Isy\MiYxcfdoZegyjLm4_m_b.jpg
[2012.08.10 16:57:03 | 000,899,025 | ---- | C] () -- C:\Users\Isy\IMAG0201.jpg
[2012.07.20 18:24:02 | 000,005,752 | ---- | C] () -- C:\Users\Isy\getränke party.abw
[2012.06.16 10:07:29 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.06.15 14:41:48 | 000,550,227 | ---- | C] () -- C:\Users\Isy\Bergen belsen.odp
[2012.06.04 14:58:55 | 011,678,644 | ---- | C] () -- C:\Users\Isy\Bergen Belsen Video_0001.wmv
[2012.05.29 16:05:39 | 000,019,171 | ---- | C] () -- C:\Users\Isy\300-viva-la-vida-sw.jpg
[2012.05.09 09:52:35 | 000,023,848 | ---- | C] () -- C:\Users\Isy\Vom+Eisenerz+zum+Rohstahl.odt
[2012.05.04 12:30:49 | 000,007,368 | ---- | C] () -- C:\Users\Isy\AppData\Roaming\BAcroIEHelpe114.dll
[2012.05.04 12:27:10 | 000,055,656 | ---- | C] () -- C:\Users\Isy\AppData\Roaming\loaupdt.jpg
[2012.05.01 12:54:14 | 000,218,600 | ---- | C] () -- C:\Users\Isy\AppData\Roaming\AcroIEHelpe112.dll
[2012.04.27 16:19:51 | 000,000,016 | ---- | C] () -- C:\Users\Isy\AppData\Roaming\blckdom.res
[2012.04.02 17:19:49 | 000,001,356 | ---- | C] () -- C:\Users\Isy\AppData\Local\d3d9caps.dat
[2011.03.16 17:11:45 | 000,010,238 | -HS- | C] () -- C:\Users\Isy\AlbumArt_{F7850FA3-CC97-4896-AC4A-6D80129BAC2F}_Large.jpg
[2011.03.16 17:11:45 | 000,002,517 | -HS- | C] () -- C:\Users\Isy\AlbumArt_{F7850FA3-CC97-4896-AC4A-6D80129BAC2F}_Small.jpg
[2010.12.10 17:55:58 | 000,152,224 | ---- | C] () -- C:\Users\Isy\Weihnachtsbrief.pdf
[2010.07.12 15:33:36 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2010.06.02 19:50:59 | 000,378,368 | ---- | C] () -- C:\Users\Isy\iansomberh_a2xtb4ph.thm
[2010.06.02 19:39:30 | 001,610,752 | ---- | C] () -- C:\Users\Isy\damonsalva_9tlhcpkn.thm
[2010.01.07 19:01:03 | 000,005,499 | -HS- | C] () -- C:\Users\Isy\Folder.jpg
[2010.01.07 19:01:03 | 000,001,832 | -HS- | C] () -- C:\Users\Isy\AlbumArtSmall.jpg
[2008.08.22 20:14:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.08.22 19:41:52 | 000,125,952 | ---- | C] () -- C:\Users\Isy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.04.27 16:20:04 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\11019
[2012.04.29 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\12002
[2012.05.04 12:30:57 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\12004
[2008.08.22 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\ConvertTemp
[2010.07.12 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Degener
[2012.10.14 14:04:37 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\DVDVideoSoft
[2011.10.27 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.08.23 07:33:17 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\gtk-2.0
[2011.06.22 12:20:44 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\ICQ
[2008.08.24 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\ICQ Toolbar
[2012.04.27 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\kock
[2009.01.04 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\LimeWire
[2010.05.26 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Lionhead Studios
[2012.06.08 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\OpenOffice.org
[2010.06.14 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Samsung
[2012.10.06 14:03:04 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Spotify
[2010.05.26 17:16:19 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Teleca
[2008.08.22 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Temporary
[2012.04.03 18:01:35 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\TerraTec
[2008.08.22 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\TransRender
[2008.08.23 07:29:27 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\TuxPaint
[2012.05.02 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\UAs
[2012.05.02 16:04:11 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.08.22 14:36:40 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.04.16 12:27:15 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.07 20:16:32 | 000,000,000 | -HSD | M] -- C:\found.000
[2008.06.26 20:51:53 | 000,000,000 | ---D | M] -- C:\Intel
[2008.06.26 20:15:33 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.29 23:05:38 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.10.30 03:11:30 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.29 13:46:00 | 000,000,000 | ---D | M] -- C:\SPDISK
[2012.10.29 23:16:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.08.22 14:28:57 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.14 16:29:04 | 000,000,000 | ---D | M] -- C:\Windows
[2012.10.30 03:11:28 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %SYSTEMDRIVE%\*.* >
[2012.10.29 23:05:47 | 000,033,951 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008.04.16 12:27:17 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007.04.04 20:01:54 | 000,000,019 | ---- | M] () -- C:\CA20.txt
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.06.26 21:54:38 | 000,019,980 | ---- | M] () -- C:\devlist.txt
[2008.05.19 10:52:34 | 000,000,016 | ---- | M] () -- C:\Extra.log
[2007.11.13 18:54:11 | 000,000,017 | ---- | M] () -- C:\F7E_F7L_VISTA.10
[2008.06.26 21:51:17 | 000,000,009 | ---- | M] () -- C:\Finish.log
[2012.10.29 23:07:08 | 2136,248,320 | -HS- | M] () -- C:\hiberfil.sys
[2008.09.06 10:44:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.09.06 10:44:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.04.22 10:40:32 | 000,000,031 | ---- | M] () -- C:\NERO.LOG
[2008.02.01 20:29:55 | 000,000,013 | ---- | M] () -- C:\NIS2008.TXT
[2007.03.16 00:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_A.TXT
[2012.10.29 00:16:30 | 000,060,294 | ---- | M] () -- C:\OTL.Txt
[2012.10.29 23:07:07 | 2452,070,400 | -HS- | M] () -- C:\pagefile.sys
[2008.06.26 08:50:16 | 000,000,105 | ---- | M] () -- C:\Pass.txt
[2008.05.08 12:48:09 | 000,001,948 | ---- | M] () -- C:\Patch.LOG
[2008.04.29 15:30:15 | 000,000,020 | ---- | M] () -- C:\READER_A.TXT
[2007.10.06 05:59:06 | 000,000,022 | ---- | M] () -- C:\RECOVERY.DAT
[2008.06.26 21:08:31 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2008.06.26 21:25:12 | 000,000,086 | ---- | M] () -- C:\setup.log
[2006.05.16 01:22:24 | 000,000,005 | ---- | M] () -- C:\store.log
[2008.06.26 20:47:10 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
[2008.06.26 20:46:25 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
[2008.04.17 01:32:52 | 000,000,024 | ---- | M] () -- C:\V541.TXT
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /10 >
[2012.10.29 22:32:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91120000-0031-0000-0000-0000000FF1CE}
 
< %appdata%\*.  >
[2012.04.27 16:20:04 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\11019
[2012.04.29 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\12002
[2012.05.04 12:30:57 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\12004
[2009.03.07 12:20:10 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Adobe
[2011.12.26 11:09:44 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Apple Computer
[2008.08.22 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\ConvertTemp
[2010.07.12 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Degener
[2010.04.04 12:02:22 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\DivX
[2012.05.26 12:21:31 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\dvdcss
[2012.10.14 14:04:37 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\DVDVideoSoft
[2011.10.27 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.08.23 07:33:17 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\gtk-2.0
[2011.06.22 12:20:44 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\ICQ
[2008.08.24 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\ICQ Toolbar
[2008.08.22 14:36:14 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Identities
[2009.09.06 10:24:14 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\InstallShield
[2012.04.27 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\kock
[2009.01.04 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\LimeWire
[2010.05.26 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Lionhead Studios
[2008.08.22 14:36:45 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Macromedia
[2012.10.27 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Media Center Programs
[2012.10.27 13:13:16 | 000,000,000 | --SD | M] -- C:\Users\Isy\AppData\Roaming\Microsoft
[2008.12.08 16:01:49 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Mozilla
[2009.01.28 18:20:20 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\MySpace
[2012.06.08 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\OpenOffice.org
[2011.10.27 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Real
[2010.06.14 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Samsung
[2010.07.12 15:30:21 | 000,000,000 | RH-D | M] -- C:\Users\Isy\AppData\Roaming\SecuROM
[2009.06.06 09:32:53 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Sony Ericsson
[2012.10.06 14:03:04 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Spotify
[2008.08.22 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Symantec
[2008.08.23 12:42:49 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Talkback
[2010.05.26 17:16:19 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Teleca
[2008.08.22 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Temporary
[2012.04.03 18:01:35 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\TerraTec
[2008.08.22 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\TransRender
[2008.08.23 07:29:27 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\TuxPaint
[2012.06.19 08:16:37 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\U3
[2012.05.02 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\UAs
[2011.11.26 17:56:02 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\vlc
[2012.05.02 16:04:11 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\xmldm
 
< %appdata%\*.*  >
[2012.05.04 12:30:49 | 000,000,065 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\AcroIEHelpe.txt
[2012.05.01 12:54:15 | 000,218,600 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\AcroIEHelpe112.dll
[2012.05.04 12:30:49 | 000,007,368 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\BAcroIEHelpe114.dll
[2012.05.02 16:04:10 | 000,000,016 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\blckdom.res
[2012.05.04 12:30:46 | 000,055,656 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\loaupdt.jpg
[1 C:\Users\Isy\AppData\Roaming\*.tmp files -> C:\Users\Isy\AppData\Roaming\*.tmp -> ]
 
< %appdata%\*.exe /s >
[2012.10.14 16:31:33 | 000,053,664 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Isy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.09.06 10:23:36 | 000,010,134 | R--- | M] () -- C:\Users\Isy\AppData\Roaming\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
[2009.07.19 09:04:41 | 000,010,134 | R--- | M] () -- C:\Users\Isy\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.01.28 18:20:03 | 007,049,336 | ---- | M] (MySpace Inc.) -- C:\Users\Isy\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-de-A.exe
[2012.10.06 11:07:11 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\Isy\AppData\Roaming\Spotify\spotify.exe
[2012.10.06 11:07:11 | 000,114,904 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012.10.06 11:07:03 | 001,193,176 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
[2006.12.14 09:00:02 | 000,110,592 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\U3\temp\cleanup.exe
[2007.02.12 16:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Users\Isy\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %localappdata%\*.  >
[2010.07.05 13:31:21 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Adobe
[2008.08.22 14:28:58 | 000,000,000 | -HSD | M] -- C:\Users\Isy\AppData\Local\Anwendungsdaten
[2010.11.02 12:23:34 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\AOL
[2009.12.25 09:46:28 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Apple
[2010.06.20 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Apple Computer
[2008.08.22 19:36:35 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\ASUS
[2012.09.28 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Google
[2012.06.24 13:25:34 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Macromedia
[2012.06.24 13:25:34 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Microsoft
[2009.08.23 17:45:51 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Microsoft Games
[2011.08.24 16:59:50 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Microsoft Help
[2012.06.08 13:27:06 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\MicrosoftStore
[2008.08.23 12:41:52 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Mozilla
[2009.09.06 10:49:50 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Scansoft
[2009.06.06 10:24:50 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Sony Ericsson
[2012.10.06 14:03:04 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Spotify
[2012.10.29 23:22:05 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\Temp
[2008.08.22 14:28:58 | 000,000,000 | -HSD | M] -- C:\Users\Isy\AppData\Local\Temporary Internet Files
[2008.08.22 14:28:58 | 000,000,000 | -HSD | M] -- C:\Users\Isy\AppData\Local\Verlauf
[2009.06.06 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2012.10.27 13:13:12 | 000,001,356 | ---- | M] () -- C:\Users\Isy\AppData\Local\d3d9caps.dat
[2012.10.27 13:01:36 | 000,125,952 | ---- | M] () -- C:\Users\Isy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.08 14:41:18 | 000,106,904 | ---- | M] () -- C:\Users\Isy\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.10.29 23:06:01 | 002,863,279 | -H-- | M] () -- C:\Users\Isy\AppData\Local\IconCache.db
 
< %localappdata%\*.exe /s >
[2010.11.02 12:22:00 | 013,542,560 | ---- | M] (ICQ) -- C:\Users\Isy\AppData\Local\Temp\02B673~1.exe
[2008.08.27 17:07:51 | 004,898,704 | ---- | M] (Lime Wire LLC) -- C:\Users\Isy\AppData\Local\Temp\5wnqkqv4.exe
[2009.07.25 14:41:03 | 016,825,216 | ---- | M] (Macrovision Corporation) -- C:\Users\Isy\AppData\Local\Temp\718631~1.exe
[2012.09.27 09:56:20 | 000,987,080 | ---- | M] (McAfee, Inc.) -- C:\Users\Isy\AppData\Local\Temp\contentDATs.exe
[2007.07.03 21:04:18 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Isy\AppData\Local\Temp\DataCard_Setup.exe
[2010.04.01 08:28:12 | 000,126,976 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD1016.exe
[2009.12.05 10:28:26 | 000,294,432 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD1045.exe
[2009.08.24 16:43:24 | 000,024,576 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD1110.exe
[2009.10.12 15:48:23 | 000,006,144 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD1296.exe
[2009.11.01 10:30:26 | 000,110,592 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD12D4.exe
[2010.06.07 15:56:53 | 000,098,304 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD1312.exe
[2009.09.19 14:14:36 | 000,069,632 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD13AE.exe
[2010.02.20 14:44:11 | 000,157,696 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD140C.exe
[2009.09.06 17:34:19 | 000,016,384 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD1515.exe
[2010.01.15 14:56:51 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD186.exe
[2009.08.29 13:41:00 | 000,059,392 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD1AEF.exe
[2009.10.12 11:19:02 | 000,006,144 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD1CF2.exe
[2009.12.11 09:13:55 | 000,047,104 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD1D5F.exe
[2009.07.31 12:18:54 | 000,036,864 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD1DFB.exe
[2010.04.04 19:35:12 | 000,202,752 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD1F23.exe
[2010.04.07 07:24:19 | 000,227,328 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD1F81.exe
[2009.07.31 16:06:45 | 000,038,912 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD1FA0.exe
[2010.03.07 13:43:04 | 000,141,312 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD20B9.exe
[2010.03.16 17:09:03 | 000,516,096 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD2164.exe
[2009.09.30 17:24:27 | 000,024,576 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD225E.exe
[2010.06.06 19:00:40 | 000,032,768 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD23F4.exe
[2009.12.23 13:53:31 | 000,069,632 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD25F6.exe
[2009.11.07 10:17:47 | 000,038,912 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD2692.exe
[2009.09.21 16:46:39 | 000,006,144 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD2960.exe
[2009.12.02 17:58:32 | 000,081,920 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD2AD6.exe
[2009.09.22 14:47:57 | 000,026,624 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD2BC0.exe
[2009.11.14 10:09:09 | 000,161,792 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD2DD.exe
[2009.09.06 10:51:19 | 006,819,160 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD2E8E.exe
[2009.11.21 12:44:45 | 000,120,832 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD2EEC.exe
[2009.08.23 13:34:15 | 000,073,728 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD2F59.exe
[2009.11.24 16:54:41 | 000,004,096 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3033.exe
[2009.10.16 11:42:34 | 000,096,256 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD3246.exe
[2009.11.04 17:00:02 | 000,053,248 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3294.exe
[2010.05.30 15:06:18 | 000,565,248 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD32B3.exe
[2010.05.23 14:48:04 | 008,466,432 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD34B6.exe
[2009.11.18 18:02:40 | 000,043,008 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3504.exe
[2010.05.09 16:14:40 | 000,012,288 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3580.exe
[2009.07.26 15:14:05 | 000,118,784 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD360D.exe
[2009.09.07 16:41:23 | 000,022,528 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD36B8.exe
[2009.10.27 16:32:22 | 000,059,392 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD3726.exe
[2009.09.20 14:48:33 | 000,020,480 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD384E.exe
[2010.02.01 10:25:12 | 010,385,408 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD389C.exe
[2010.03.14 18:11:25 | 000,028,672 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3A22.exe
[2010.03.31 17:24:57 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3AED.exe
[2010.01.07 18:24:37 | 000,040,960 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3B3B.exe
[2009.08.15 17:34:27 | 000,126,976 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD3C73.exe
[2010.03.12 16:30:43 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3CFF.exe
[2009.10.17 13:38:30 | 000,040,960 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3E56.exe
[2010.05.12 14:34:38 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD3F6.exe
[2010.04.04 11:58:06 | 000,067,584 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD4098.exe
[2009.09.06 10:16:09 | 000,038,912 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD429A.exe
[2010.05.11 14:38:41 | 000,008,192 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD42F8.exe
[2010.04.26 15:05:50 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD452A.exe
[2009.11.27 19:05:59 | 000,022,528 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD4539.exe
[2009.09.20 18:10:38 | 000,075,776 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD45A7.exe
[2009.08.26 17:10:55 | 000,092,160 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD45E5.exe
[2010.06.04 08:26:01 | 000,227,328 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD46BF.exe
[2009.10.19 15:08:40 | 000,043,008 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD47E8.exe
[2009.12.01 15:05:46 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD4836.exe
[2010.03.04 17:54:51 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD4B22.exe
[2009.09.13 10:45:25 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD4C1C.exe
[2009.10.21 14:09:13 | 000,004,096 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD4C5A.exe
[2009.08.16 09:34:44 | 000,114,688 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD50AE.exe
[2009.11.17 17:06:31 | 000,090,112 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD50FC.exe
[2009.09.20 13:25:19 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD5244.exe
[2009.11.06 19:35:41 | 000,024,576 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD5263.exe
[2010.05.31 14:40:57 | 000,083,968 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD54E2.exe
[2009.11.15 09:54:13 | 000,051,200 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD5697.exe
[2010.02.04 17:08:18 | 002,656,256 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD57EE.exe
[2010.05.30 10:03:30 | 002,539,520 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD583D.exe
[2010.06.13 08:17:21 | 000,004,096 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD589A.exe
[2009.11.11 17:54:39 | 000,196,608 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD58D8.exe
[2010.03.02 16:55:59 | 001,943,552 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD5907.exe
[2010.02.06 11:05:47 | 000,100,352 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD5A01.exe
[2009.09.13 18:41:09 | 000,053,248 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD5A3F.exe
[2009.09.05 16:11:42 | 000,049,152 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD5BB6.exe
[2010.05.26 06:05:15 | 000,432,374 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD5DA9.exe
[2010.02.14 16:30:54 | 000,030,720 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD5E26.exe
[2009.10.29 17:35:01 | 000,038,912 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD5F00.exe
[2009.08.14 18:05:41 | 000,168,150 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD5F7D.exe
[2009.08.27 17:46:16 | 000,258,048 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD6086.exe
[2010.02.03 08:51:59 | 000,020,480 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD62B8.exe
[2009.10.28 17:10:57 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD637.exe
[2010.03.31 10:13:04 | 000,241,664 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD638.exe
[2010.01.21 15:08:46 | 001,437,696 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD6518.exe
[2010.03.20 16:09:54 | 000,026,624 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD6556.exe
[2009.12.13 17:58:28 | 000,096,256 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD6595.exe
[2010.01.17 17:45:42 | 000,016,384 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD6641.exe
[2010.02.01 16:44:35 | 000,032,768 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD6660.exe
[2009.10.31 15:09:41 | 000,047,104 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD66CD.exe
[2009.10.16 16:44:42 | 000,022,528 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD66EC.exe
[2010.05.26 16:17:59 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD670B.exe
[2010.05.13 11:59:55 | 000,163,840 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD673A.exe
[2010.01.19 16:20:00 | 008,134,656 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD6759.exe
[2010.06.08 10:21:32 | 000,106,496 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD690E.exe
[2010.01.06 13:01:30 | 000,008,192 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD6B4.exe
[2010.05.25 10:53:14 | 002,891,776 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD6B9D.exe
[2010.02.26 15:28:41 | 005,437,440 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD6C68.exe
[2010.05.16 11:14:14 | 000,004,096 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD6DCF.exe
[2009.09.13 14:11:26 | 000,096,256 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD6E0D.exe
[2010.04.29 12:28:10 | 022,103,176 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD7213.exe
[2010.04.02 15:14:36 | 000,079,872 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD73B8.exe
[2010.04.05 10:15:03 | 000,380,102 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD740.exe
[2010.05.23 13:47:22 | 000,053,248 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD7647.exe
[2010.03.24 13:49:24 | 000,008,192 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD7676.exe
[2010.02.24 15:09:00 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD7770.exe
[2009.08.26 17:24:42 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD782B.exe
[2010.06.14 15:33:22 | 000,065,536 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD7C11.exe
[2010.06.07 14:45:47 | 000,018,432 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD7EC.exe
[2010.04.18 13:32:40 | 000,034,816 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD820A.exe
[2009.12.02 14:31:26 | 000,030,720 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD8535.exe
[2009.11.08 14:37:51 | 000,143,360 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD897.exe
[2010.04.25 10:18:56 | 000,098,304 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD8B7C.exe
[2009.11.15 15:35:28 | 000,043,008 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD8BAB.exe
[2010.04.28 16:42:49 | 022,103,176 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD8D8F.exe
[2009.10.14 08:11:36 | 000,016,384 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD8DAE.exe
[2009.11.03 16:50:57 | 000,163,840 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD8F5.exe
[2009.12.19 11:14:33 | 000,006,144 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD8FC0.exe
[2009.08.12 15:14:24 | 000,004,096 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD943.exe
[2009.10.18 09:06:33 | 000,016,384 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD95D8.exe
[2009.09.27 13:55:18 | 000,057,344 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD96E1.exe
[2009.12.12 13:20:03 | 000,036,864 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD9A99.exe
[2009.10.20 16:04:18 | 000,006,144 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EAD9CBB.exe
[2009.09.20 13:35:10 | 000,147,456 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EAD9CF.exe
[2010.04.24 14:17:31 | 000,065,536 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADA275.exe
[2010.02.11 15:31:49 | 000,020,480 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADA4B7.exe
[2010.02.17 16:04:13 | 000,188,416 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADA84F.exe
[2010.01.12 15:16:18 | 006,819,160 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADAA71.exe
[2010.03.18 17:23:35 | 000,088,064 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADAAFD.exe
[2010.01.22 16:07:30 | 000,016,384 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADAB9.exe
[2010.02.02 14:52:24 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADAD6D.exe
[2009.07.26 08:59:28 | 006,674,216 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADB1FF.exe
[2010.01.23 13:52:42 | 000,024,576 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADB2BB.exe
[2010.06.10 14:25:53 | 000,038,912 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADBA1A.exe
[2009.10.18 14:58:28 | 000,022,528 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADBA3.exe
[2010.05.08 17:01:21 | 000,008,192 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADBAD5.exe
[2009.08.06 13:47:53 | 000,088,064 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADBD84.exe
[2009.12.28 14:35:21 | 000,243,712 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADBE2.exe
[2009.11.05 15:50:15 | 000,030,720 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADBE7D.exe
[2009.09.20 13:14:30 | 000,057,344 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADC39C.exe
[2009.12.25 09:30:15 | 000,061,440 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADC503.exe
[2009.12.10 17:21:28 | 000,479,232 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADC64A.exe
[2009.08.07 19:15:13 | 000,077,824 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADC669.exe
[2010.04.10 15:07:46 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADC6A8.exe
[2009.11.10 16:36:06 | 000,049,152 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADC8F9.exe
[2009.11.27 15:38:12 | 006,819,160 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADC947.exe
[2009.07.27 13:46:17 | 006,674,216 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADC9B4.exe
[2009.08.10 16:46:34 | 000,055,296 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADC9E3.exe
[2009.08.08 13:52:07 | 000,325,632 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADCA6F.exe
[2010.03.25 14:54:02 | 000,219,136 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADCB69.exe
[2009.10.15 16:09:28 | 000,065,536 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADCCCF.exe
[2009.10.15 09:37:51 | 000,329,728 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADCD1D.exe
[2009.10.15 11:17:24 | 000,069,632 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADCD2D.exe
[2009.09.23 16:33:38 | 000,139,264 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADCE75.exe
[2010.06.09 15:09:33 | 000,081,920 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADCEE2.exe
[2009.11.22 19:22:46 | 000,292,864 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADCF6E.exe
[2009.11.05 19:45:45 | 000,376,832 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADCFFB.exe
[2009.08.18 14:41:45 | 000,241,664 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD058.exe
[2009.08.02 15:05:41 | 000,167,936 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD068.exe
[2009.08.09 11:48:22 | 000,032,768 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD104.exe
[2010.03.27 11:18:00 | 000,083,968 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD113.exe
[2009.12.17 16:15:46 | 000,012,288 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD1AF.exe
[2009.08.21 12:22:45 | 000,047,104 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD1FD.exe
[2009.11.11 16:08:41 | 002,287,616 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD23C.exe
[2010.02.07 10:11:41 | 000,139,264 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD383.exe
[2009.08.03 09:17:27 | 000,020,480 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD39.exe
[2009.09.24 15:47:39 | 000,145,408 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD3A3.exe
[2010.04.24 12:28:04 | 008,572,928 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD3C2.exe
[2009.08.08 08:48:58 | 000,040,960 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD3E1.exe
[2009.08.07 11:51:52 | 000,053,248 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD567.exe
[2009.09.12 09:18:32 | 000,069,632 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD577.exe
[2010.04.09 14:24:56 | 000,075,776 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD622.exe
[2010.01.22 16:04:57 | 000,032,768 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD661.exe
[2009.08.03 16:00:28 | 000,518,144 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD70C.exe
[2009.09.01 12:04:23 | 000,024,576 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD70D.exe
[2009.09.22 14:45:39 | 000,131,072 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD73B.exe
[2009.08.31 17:18:52 | 006,674,216 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD91F.exe
[2009.09.08 16:34:15 | 000,024,576 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADD97C.exe
[2009.08.20 16:06:58 | 000,104,448 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD9BB.exe
[2009.09.20 13:02:57 | 002,707,456 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADD9CA.exe
[2009.09.17 15:19:11 | 000,176,128 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADDB21.exe
[2009.10.14 12:19:48 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADDC1B.exe
[2010.01.20 14:59:43 | 000,182,272 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADDC59.exe
[2009.08.09 13:37:35 | 000,081,920 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADDCA7.exe
[2009.11.02 17:17:56 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADDCC7.exe
[2010.01.21 19:37:59 | 000,114,688 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADDCE6.exe
[2009.07.30 12:37:53 | 000,274,432 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADDD34.exe
[2009.10.21 12:16:13 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADDDD0.exe
[2009.07.25 14:38:09 | 006,674,216 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADDF08.exe
[2009.11.09 17:44:34 | 000,073,728 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADDF4.exe
[2009.08.31 16:04:55 | 000,051,200 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADDF46.exe
[2009.10.25 18:31:03 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADDF56.exe
[2010.03.27 15:12:04 | 000,028,672 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADDF57.exe
[2009.09.15 15:26:53 | 000,557,056 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE0DC.exe
[2009.09.21 16:31:54 | 000,051,200 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADE139.exe
[2010.01.11 14:37:23 | 006,819,160 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE178.exe
[2009.10.21 16:52:09 | 000,024,576 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADE1A7.exe
[2009.09.16 17:05:55 | 000,161,792 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE1C6.exe
[2010.01.16 21:31:01 | 000,289,474 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE2B0.exe
[2010.03.24 18:04:40 | 000,088,064 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE2BF.exe
[2009.09.03 12:51:40 | 000,188,416 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE34C.exe
[2009.12.06 16:36:30 | 000,299,008 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE34D.exe
[2009.09.20 16:06:45 | 000,200,704 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE37B.exe
[2010.03.23 19:11:03 | 000,258,048 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE3A9.exe
[2010.02.21 13:10:35 | 000,325,632 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE474.exe
[2010.03.29 13:17:21 | 000,270,336 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE4D2.exe
[2009.08.30 11:42:46 | 000,038,912 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADE55E.exe
[2010.05.18 18:49:59 | 000,498,562 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE5AC.exe
[2010.05.29 13:31:37 | 000,018,432 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADE5AD.exe
[2010.03.30 08:33:58 | 000,092,160 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE723.exe
[2009.09.09 16:32:01 | 000,020,480 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADE81C.exe
[2010.03.28 17:11:02 | 001,409,024 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADE81D.exe
[2010.03.19 17:16:13 | 000,016,384 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADE82C.exe
[2009.11.08 10:48:51 | 000,051,200 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADE889.exe
[2009.12.22 16:17:21 | 000,086,016 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADEA00.exe
[2010.04.05 13:21:58 | 000,026,624 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADEA1F.exe
[2010.01.09 12:34:02 | 006,819,160 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADEA6D.exe
[2010.01.02 10:42:46 | 000,053,248 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADEA7D.exe
[2010.04.14 15:51:13 | 000,124,928 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADEAAB.exe
[2010.04.07 16:22:00 | 000,010,240 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADEAEA.exe
[2009.10.14 10:19:42 | 000,020,480 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADEAF9.exe
[2010.04.18 09:27:23 | 000,135,168 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADEB86.exe
[2010.06.02 16:18:18 | 000,016,384 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADEBF3.exe
[2009.09.21 17:27:12 | 000,022,528 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADECED.exe
[2010.05.01 09:31:58 | 000,100,352 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADED0C.exe
[2010.02.10 16:35:35 | 000,024,576 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADEDF6.exe
[2010.02.22 13:42:20 | 018,255,872 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADEEE.exe
[2010.01.06 10:40:04 | 000,096,256 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADEFCA.exe
[2010.05.08 12:31:29 | 012,625,920 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADF037.exe
[2010.05.03 15:04:28 | 000,237,568 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADF150.exe
[2010.04.06 11:16:27 | 000,004,096 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADF22A.exe
[2010.05.25 13:53:36 | 009,631,744 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADF2B7.exe
[2009.11.25 15:32:19 | 000,004,096 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADF353.exe
[2009.08.11 14:32:13 | 000,036,864 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADF3EF.exe
[2010.02.07 15:45:21 | 000,366,592 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADF3F0.exe
[2010.05.26 11:30:05 | 000,006,144 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADF42D.exe
[2010.05.02 14:35:07 | 004,657,152 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADF594.exe
[2010.03.09 14:52:43 | 000,194,560 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADF66E.exe
[2010.04.10 08:43:46 | 000,081,920 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADF6AD.exe
[2009.12.28 17:41:55 | 000,004,096 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADF814.exe
[2009.07.28 13:07:03 | 000,043,008 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADF8A0.exe
[2010.03.26 08:20:10 | 000,133,120 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADFBAC.exe
[2010.05.25 16:57:05 | 000,004,096 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADFD32.exe
[2010.06.07 08:24:47 | 000,333,824 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Isy\AppData\Local\Temp\EADFE1C.exe
[2010.06.13 16:14:35 | 000,014,336 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\EADFE1D.exe
[2001.09.29 02:30:16 | 000,483,386 | ---- | M] (Microsoft Corporation) -- C:\Users\Isy\AppData\Local\Temp\EBUBE4F.exe
[2001.09.29 02:30:16 | 000,483,386 | ---- | M] (Microsoft Corporation) -- C:\Users\Isy\AppData\Local\Temp\EBUEC12.exe
[2001.09.29 02:30:16 | 000,483,386 | ---- | M] (Microsoft Corporation) -- C:\Users\Isy\AppData\Local\Temp\EBUF0D.exe
[2008.10.27 19:12:36 | 001,887,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Isy\AppData\Local\Temp\FlashPlayerUpdate.exe
[2009.02.27 15:14:35 | 001,878,384 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Isy\AppData\Local\Temp\FlashPlayerUpdate01.exe
[2008.10.04 19:16:40 | 001,882,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Isy\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
[2007.05.16 18:31:10 | 000,006,144 | R--- | M] () -- C:\Users\Isy\AppData\Local\Temp\ResetDevice.exe
[2011.12.14 19:09:17 | 003,598,224 | ---- | M] (McAfee, Inc.) -- C:\Users\Isy\AppData\Local\Temp\SecurityScan_Release.exe
[2007.05.23 10:26:28 | 000,455,600 | ---- | M] (Macrovision Corporation) -- C:\Users\Isy\AppData\Local\Temp\_is51CA.exe
[2006.05.25 03:10:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\Isy\AppData\Local\Temp\_is9D76.exe
[2011.06.15 17:54:47 | 000,110,353 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\{F0CE2CFC-7D06-408D-963F-7B62AFBA28EF}-GoogleUpdateSetup.exe
[1892 C:\Users\Isy\AppData\Local\Temp\*.tmp files -> C:\Users\Isy\AppData\Local\Temp\*.tmp -> ]
[2010.06.11 04:24:59 | 000,311,296 | ---- | M] (Google                                                    ) -- C:\Users\Isy\AppData\Local\Temp\._msige52\GoogleEarth.exe
[2010.06.11 03:19:33 | 000,050,176 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\earthflashsol.exe
[2010.06.11 03:18:18 | 000,069,632 | ---- | M] (Google) -- C:\Users\Isy\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\googleearth.exe
[2010.06.11 03:20:45 | 000,258,048 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\gpsbabel.exe
[2010.06.11 03:18:18 | 000,069,632 | ---- | M] (Google) -- C:\Users\Isy\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\geplugin.exe
[2012.04.14 10:43:23 | 001,207,296 | ---- | M] (Google) -- C:\Users\Isy\AppData\Local\Temp\._msige61\GoogleEarth.exe
[2012.04.05 02:01:28 | 000,050,688 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
[2012.04.14 10:22:15 | 000,071,680 | ---- | M] (Google) -- C:\Users\Isy\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
[2012.03.12 10:43:03 | 000,293,888 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
[2012.04.14 10:22:15 | 000,071,680 | ---- | M] (Google) -- C:\Users\Isy\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
[2010.09.27 02:32:10 | 001,090,360 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\{4D00A2CE-3A47-4D75-B6E6-48C576FDDF90}\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQToolbarSetup.exe
[2007.06.21 18:44:12 | 000,065,536 | ---- | M] (Brother Industries,Ltd) -- C:\Users\Isy\AppData\Local\Temp\{55894B8F-1B70-46DF-A019-06CFEC6506F8}\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\BrC3Rgin.exe
[2008.01.31 13:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Users\Isy\AppData\Local\Temp\{55894B8F-1B70-46DF-A019-06CFEC6506F8}\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Brmfcmon\BrMfcMon.exe
[2007.11.05 20:34:58 | 000,741,376 | ---- | M] (Brother Industries, Ltd.) -- C:\Users\Isy\AppData\Local\Temp\{55894B8F-1B70-46DF-A019-06CFEC6506F8}\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Brmfcmon\BrMfcWnd.exe
[2008.01.31 13:03:42 | 000,094,208 | R--- | M] (Brother Industries, Ltd.) -- C:\Users\Isy\AppData\Local\Temp\{55894B8F-1B70-46DF-A019-06CFEC6506F8}\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Brmfcmon\BrMfimon.exe
[2009.07.13 14:55:26 | 001,003,768 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\{9126E50C-4B21-4591-9B36-401498A440F7}\{60DE4033-9503-48D1-A483-7846BD217CA9}\ICQToolbarSetup.exe
[2011.08.15 18:14:58 | 000,102,784 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Isy\AppData\Local\Temp\AIR8738.tmp\Adobe AIR Installer.exe
[2011.08.15 18:14:58 | 000,129,920 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Isy\AppData\Local\Temp\AIR8738.tmp\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
[2011.08.15 18:14:58 | 000,102,784 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Isy\AppData\Local\Temp\AIR8738.tmp\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
[2011.08.15 18:14:58 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Isy\AppData\Local\Temp\AIR8738.tmp\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe
[2011.08.15 18:14:58 | 000,059,904 | ---- | M] () -- C:\Users\Isy\AppData\Local\Temp\AIR8738.tmp\Adobe AIR\Versions\1.0\Resources\template.exe
[2011.06.17 11:34:47 | 000,361,128 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\avconfig.exe
[2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\avgnt.exe
[2011.04.21 06:52:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\avguard.exe
[2011.06.17 11:34:51 | 000,223,912 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\avnotify.exe
[2011.06.17 11:34:55 | 000,442,024 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\avscan.exe
[2011.04.21 06:52:38 | 000,060,072 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\avupgsvc.exe
[2011.06.17 11:34:57 | 000,214,184 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\avwebloader.exe
[2011.04.21 06:52:39 | 000,098,480 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\avwsc.exe
[2011.06.17 11:35:32 | 000,348,840 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\fact.exe
[2011.06.17 11:35:33 | 000,071,848 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\guardgui.exe
[2011.04.21 06:52:49 | 000,017,064 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\guardhlp.exe
[2011.04.21 06:52:49 | 000,045,416 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\imp64b.exe
[2011.04.21 06:52:49 | 000,041,729 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\insthlp.exe
[2011.04.21 06:52:49 | 000,132,456 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\licmgr.exe
[2011.04.21 06:52:50 | 000,588,456 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\presetup.exe
[2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\sched.exe
[2011.06.17 11:35:35 | 000,667,304 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\setup.exe
[2011.06.17 11:35:37 | 000,581,288 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\update.exe
[2009.10.08 17:04:26 | 004,485,976 | ---- | M] (Microsoft Corporation) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\vcredist_x86.exe
[2011.04.21 06:53:02 | 000,065,192 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\wsctool.exe
[2011.04.21 06:53:10 | 000,260,776 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\vista64\avshadow.exe
[2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Users\Isy\AppData\Local\Temp\RarSFX0\xp\avshadow.exe
 
< %allusersprofile%\*.  >
[2012.10.14 16:23:20 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009.03.07 12:21:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2009.12.25 09:54:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012.10.14 16:21:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008.08.22 19:36:37 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2008.06.26 21:19:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Atheros
[2009.09.06 10:19:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Brother
[2010.07.12 15:30:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010.06.14 15:41:21 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.06.14 15:54:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.10.29 23:05:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009.09.06 10:22:21 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallShield
[2012.10.27 12:52:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2011.10.27 12:20:43 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2011.12.06 18:47:32 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee Security Scan
[2010.07.08 11:15:56 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.10.29 22:32:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.04.29 15:24:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2010.07.26 16:30:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2010.04.04 19:39:23 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2010.10.22 18:37:54 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2011.10.27 12:38:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Real
[2009.09.06 10:22:27 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.05.24 18:26:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2010.07.26 16:36:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Symantec
[2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012.04.03 18:04:09 | 000,000,000 | ---D | M] -- C:\ProgramData\TerraTec
[2009.01.03 12:22:52 | 000,000,000 | ---D | M] -- C:\ProgramData\VUG
[2011.03.16 15:10:22 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011.10.27 12:20:37 | 000,000,000 | ---D | M] -- C:\ProgramData\YouTube Downloader
[2011.01.30 15:58:41 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008.06.26 20:26:02 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2009.12.25 09:51:40 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
 
< %allusersprofile%\*.* >
[2008.12.07 15:30:22 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010.07.13 10:56:59 | 000,000,164 | ---- | M] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
 
< %allusersprofile%\*.exe /s >
[2006.11.29 21:33:08 | 002,538,535 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe
[2012.08.21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
[2012.08.21 12:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
[2012.09.10 02:33:52 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2007.08.03 20:27:08 | 000,100,920 | ---- | M] () -- C:\ProgramData\ASUS\NB Probe\GetUserinfo.exe
[2009.08.09 13:01:43 | 000,529,200 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
[2009.08.09 13:01:51 | 000,529,200 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
[2010.04.04 11:43:59 | 000,986,904 | ---- | M] (DivX, Inc. ) -- C:\ProgramData\DivX\Setup\DivXSetup.exe
 
<           >
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,538 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.08.22 19:24:13 | 000,000,414 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{22A22202-E31B-49CA-AAA7-3D805DF235C4}.job
[2009.08.09 13:08:07 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.08.09 13:08:08 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.03.31 10:28:50 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >
         
--- --- ---



I would like to take this opportunity to say a heartfelt thank you once again for the great help.

So as not to rob you of your night, I will log off for now and check back in tomorrow afternoon, so please don't stress yourselves.

You are a top team, many thanks and have a pleasant night.

Alt 30.10.2012, 09:30   #8
ryder
/// TB-Ausbilder
 

The extras.txt is still missing before we can continue.
__________________
Digital privateers against malware!
No help via PM!

Alt 30.10.2012, 19:17   #9
ichmagkekse
 

Hello,

I'm very sorry, I must have overlooked that yesterday,
here is the extra.txt:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.10.2012 23:13:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Isy\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,02% Memory free
4,21 Gb Paging File | 2,98 Gb Available in Paging File | 70,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 16,17 Gb Free Space | 13,89% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,58 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
 
Computer Name: ISY-PC | User Name: Isy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19788179-D7D9-4698-86D1-5350BD3C40E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{208A3A36-2168-4F0B-8EFF-3F4786101B0C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{5B48CEA2-16C8-4E0E-A1B9-6CB0AF1DF062}" = rport=139 | protocol=6 | dir=out | app=system | 
"{81027D62-6729-43FA-A164-AE2004EFE66E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A9D7F215-F91C-44FF-BDF1-EE31F19A3D29}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AA3A7FC1-3CCA-49C3-8D87-D0056CA15377}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AF885CD9-2395-4C80-B547-58211CE07B81}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E27E6A90-1C7B-4856-B268-36172D843F5C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EFA55C79-494C-4881-B915-AB12DB7F8877}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F2FA7807-0F64-4653-AC33-FD96D3316DDD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F9D4B3E2-594E-4BDB-8965-4E11B0DB5D72}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063CFA93-4834-4183-B246-53A75A50E8BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0E128601-DAAE-4ED0-A05C-347BA5C4BC7A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{13688591-DE71-476D-8DD5-A7B881F1A812}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{1C09D3D2-E98C-40E8-975C-D6D9B655B1BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{292C047D-26AE-4E1F-A7B8-8EA288D1BDD7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{307637E0-8CCA-4ABE-A7E8-E39DA891C473}" = protocol=17 | dir=in | app=c:\users\isy\appdata\local\temp\{6eda3007-1d24-4370-a090-8add458ac728}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{38BDDD3D-851B-498F-9923-D5895ABAC2C5}" = protocol=6 | dir=in | app=c:\users\isy\appdata\local\temp\{6eda3007-1d24-4370-a090-8add458ac728}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{3D2F31BE-05D9-482A-8B28-8A60A022FF58}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{45784253-E07D-4F5D-A4C8-A43B49429038}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4C36CD15-53EC-43E3-8FFE-CA02119EE226}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{559E7EF7-A1AD-4062-A1C5-C0F7860849D8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{73C72390-F01D-484A-B78F-5DFDECCD54A2}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{7E0DA6F0-2952-4858-84E7-67BE209CAFCC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{94690D0D-8ABF-4928-8204-538AC596A1AB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{99D5682B-2BF7-4113-AD8A-754891992943}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{9AA8CD1B-F9F9-44C9-A43B-43DB0954150F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CB39F0D8-CB58-4833-82D6-0E79468824E8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D4563F73-4AB9-49AC-A272-6474DD6553AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DD428733-9650-4585-8FCE-308D470DD0AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E908D9D8-27DD-454D-AD55-BD5ED0A90AE9}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe | 
"{F36B8F9C-2F39-45E3-AF05-E2EB0345D241}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{F9998EBF-7985-4C22-A5DF-830BC1EF3503}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FB0ACD2D-0DEB-42B5-80FC-AABE0ACEEB78}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{1CD10F16-0795-4E0B-A504-0D0849CE4928}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{23440A9B-57CB-41E9-A99B-D73EA1DDE6CD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{684E9A9F-8760-4A2F-BFF1-595BE87D9464}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{6850D404-0D43-40B6-9956-56F2BD967202}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{6EBD3C98-2F5B-4133-96E3-4E43117539B5}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{7FC5A509-AF31-481E-A0BD-A8FF62E54D74}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe | 
"TCP Query User{84DA70C5-406D-4444-89CC-B7ACDC7607F8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{8B90EFC5-1AB5-4699-B4AC-74D803CBDFDB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{954313D8-C19C-4942-BC82-C524A9C5DC28}C:\users\isy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\isy\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{A1AD5531-BED5-434C-B22D-EACAE8500D9A}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{DAD953B3-04F4-4182-8B34-BDA246943E9F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{05257A86-8A1B-4885-9BF7-4326781BABF4}C:\users\isy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\isy\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{0D10F645-2722-4252-B64A-CCF7F482506B}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{10D97BCC-3AB3-462F-B4BA-CBCFFCECE69D}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe | 
"UDP Query User{3B32007D-4BA7-441F-95F7-888277DEF7E7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{3F1825A8-E1D5-4EE7-B23C-DAA8EE72EB9F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{5554942B-E13C-48E5-9AFD-90E4FC14778F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{5BE1126E-2572-4A52-99AE-04F5E925B681}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{815E47B2-5833-4A0A-A0C8-F88E5C953183}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{86450FB8-5ED4-4B9B-95CC-6FE05B900A50}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{BA332A70-2F47-4ADA-BD17-FBFFE162DA08}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D3425C30-B481-4135-86BD-CD9265F1BC7F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{38E5DF74-C1D8-46E9-A887-9494FA3D67EB}" = YTD Toolbar v6.3
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7ACCA59F-72AC-4046-A5D0-48F907CA4401}" = Samsung PC Studio
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"AbiWord2" = AbiWord 2.6.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Cinergy T Stick MKII" = Cinergy T Stick MKII V9.06.3.01
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROHYBRIDR" = 2007 Microsoft Office system
"RollerCoaster Tycoon Setup" = Roll
"Superstar Rivals (TM)" = Superstar Rivals (TM)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 0.9.9
"YTdetect" = Yahoo! Detect
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.05.2011 13:16:31 | Computer Name = Isy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 264424191
 
Error - 24.05.2011 13:16:31 | Computer Name = Isy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 264424191
 
Error - 24.05.2011 13:16:33 | Computer Name = Isy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.05.2011 13:16:34 | Computer Name = Isy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 264426453
 
Error - 24.05.2011 13:16:34 | Computer Name = Isy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 264426453
 
Error - 24.05.2011 13:16:35 | Computer Name = Isy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.05.2011 13:16:35 | Computer Name = Isy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 264428060
 
Error - 24.05.2011 13:16:35 | Computer Name = Isy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 264428060
 
Error - 24.05.2011 13:18:30 | Computer Name = Isy-PC | Source = Application Hang | ID = 1002
Description = Programm avnotify.exe, Version 8.0.10.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 17ac  Anfangszeit: 01cc17c2905c47fd  Zeitpunkt der Beendigung:
 3141
 
Error - 24.05.2011 13:21:03 | Computer Name = Isy-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LiveUpdt.exe, Version 2.0.0.0, Zeitstempel 0x46b06e0b,
 fehlerhaftes Modul kernel32.dll, Version 6.0.6001.18215, Zeitstempel 0x49953395,
 Ausnahmecode 0xe06d7363, Fehleroffset 0x000442eb,  Prozess-ID 0x1300, Anwendungsstartzeit
 01cc1a366837df30.
 
[ System Events ]
Error - 28.10.2012 13:22:19 | Computer Name = Isy-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 29.10.2012 17:15:41 | Computer Name = Isy-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 29.10.2012 17:16:31 | Computer Name = Isy-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 29.10.2012 17:22:26 | Computer Name = Isy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.10.2012 um 22:21:33 unerwartet heruntergefahren.
 
Error - 29.10.2012 17:22:29 | Computer Name = Isy-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 29.10.2012 17:23:14 | Computer Name = Isy-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 29.10.2012 18:01:31 | Computer Name = Isy-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 29.10.2012 18:02:15 | Computer Name = Isy-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 29.10.2012 18:07:14 | Computer Name = Isy-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 29.10.2012 18:07:51 | Computer Name = Isy-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

30.10.2012, 20:23   #10
ryder
/// TB trainer

OK, let's continue!

Step 1:
Uninstalling programs
  • Windows Vista / 7: Start > Control Panel > Programs and Features > [program name] > Uninstall
  • Allow a restart if prompted

If you did not install the following programs on purpose, please remove them:
  • PDFCreator Toolbar
  • YTD Toolbar v6.3
  • Yahoo! Detect
  • McAfee Security Scan Plus

Step 2:
Fix with OTL

Quote:
Warning: This script was written only for this user and this specific situation. Run on other computers, it can cause lasting damage!
Note: If you have obscured your user name, you must put your real name back in, otherwise the script will not work.
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
O3 - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.3
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.3
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Isy\AppData\Roaming\12004 [2012.05.04 12:30:57 | 000,000,000 | ---D | M]
FF - prefs.js..extensions.enabledAddons: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.12.2.3
FF - prefs.js..extensions.enabledAddons: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1
O4 - HKLM..\Run: []  File not found
:Files
C:\PROGRAM FILES\YTD TOOLBAR
C:\Users\Isy\AppData\Roaming\11019
C:\Users\Isy\AppData\Roaming\12002
C:\Users\Isy\AppData\Roaming\12004
C:\USERS\ISY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDBNT2MY.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
:commands
[Emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop. (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
  • Now copy its contents here into your thread, preferably in code tags.

Note: Running the command can take a few minutes, and OTL will appear unresponsive during that time. Please be patient!

Step 3: Control scan with OTL
  • Please start OTL.exe
  • Make sure that "Scan All Users" is checked!
  • Press the Quick Scan button.
  • Post the OTL.txt here in your thread.
__________________
Digital privateers against malware!
No help via PM!

30.10.2012, 20:30   #11
ichmagkekse

Step 1 is done so far; Yahoo cannot be found in the programs .... I'm confused ... should I carry out step 2 anyway?

30.10.2012, 20:31   #12
ryder
/// TB trainer

Yes, just carry on.

30.10.2012, 21:23   #13
ichmagkekse

Sooo, I hope that everything worked now.
Here is the fix log:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2916934394-2920353588-1664525166-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
C:\Program Files\PDFCreator\Temp folder moved successfully.
C:\Program Files\PDFCreator\Scripts\RunProgramBeforeSaving folder moved successfully.
C:\Program Files\PDFCreator\Scripts\RunProgramAfterSaving folder moved successfully.
C:\Program Files\PDFCreator\Scripts folder moved successfully.
C:\Program Files\PDFCreator\languages folder moved successfully.
C:\Program Files\PDFCreator\GS8.61\gs8.61\Resource\Encoding folder moved successfully.
C:\Program Files\PDFCreator\GS8.61\gs8.61\Resource\Decoding folder moved successfully.
C:\Program Files\PDFCreator\GS8.61\gs8.61\Resource\ColorSpace folder moved successfully.
C:\Program Files\PDFCreator\GS8.61\gs8.61\Resource\CMap folder moved successfully.
C:\Program Files\PDFCreator\GS8.61\gs8.61\Resource folder moved successfully.
C:\Program Files\PDFCreator\GS8.61\gs8.61\Lib folder moved successfully.
C:\Program Files\PDFCreator\GS8.61\gs8.61\Bin folder moved successfully.
C:\Program Files\PDFCreator\GS8.61\gs8.61 folder moved successfully.
C:\Program Files\PDFCreator\GS8.61\Fonts folder moved successfully.
C:\Program Files\PDFCreator\GS8.61 folder moved successfully.
C:\Program Files\PDFCreator\COM\Windows Scripting Host\VBScripts folder moved successfully.
C:\Program Files\PDFCreator\COM\Windows Scripting Host\JScripts folder moved successfully.
C:\Program Files\PDFCreator\COM\Windows Scripting Host folder moved successfully.
C:\Program Files\PDFCreator\COM\WinBatch folder moved successfully.
C:\Program Files\PDFCreator\COM\VB6\Sample2 folder moved successfully.
C:\Program Files\PDFCreator\COM\VB6\Sample1 folder moved successfully.
C:\Program Files\PDFCreator\COM\VB6 folder moved successfully.
C:\Program Files\PDFCreator\COM\Ruby folder moved successfully.
C:\Program Files\PDFCreator\COM\Python folder moved successfully.
C:\Program Files\PDFCreator\COM\Perl folder moved successfully.
C:\Program Files\PDFCreator\COM\MS Office folder moved successfully.
C:\Program Files\PDFCreator\COM\DOTNET Scripting Host folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample2 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample1 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2005\Visual Basic folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2005\C#\Sample2 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2005\C#\Sample1 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2005\C# folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2005 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2003\Visual Basic\Sample2 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2003\Visual Basic\Sample1 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2003\Visual Basic folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2003\C#\Sample2 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2003\C#\Sample1 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2003\C# folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net\VS2003 folder moved successfully.
C:\Program Files\PDFCreator\COM\Dot Net folder moved successfully.
C:\Program Files\PDFCreator\COM folder moved successfully.
C:\Program Files\PDFCreator folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Prefs.js: ytd@mybrowserbar.com:6.3 removed from extensions.enabledAddons
Prefs.js: wtxpcom@mybrowserbar.com:6.3 removed from extensions.enabledAddons
Prefs.js: "Ask" removed from browser.search.order.1
Prefs.js: engine@conduit.com:3.3.2.1 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
C:\Users\Isy\AppData\Roaming\12004\components folder moved successfully.
C:\Users\Isy\AppData\Roaming\12004 folder moved successfully.
Prefs.js: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 removed from extensions.enabledAddons
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.12.2.3 removed from extensions.enabledAddons
Prefs.js: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 removed from extensions.enabledAddons
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
========== FILES ==========
File\Folder C:\PROGRAM FILES\YTD TOOLBAR not found.
C:\Users\Isy\AppData\Roaming\11019\components folder moved successfully.
C:\Users\Isy\AppData\Roaming\11019 folder moved successfully.
C:\Users\Isy\AppData\Roaming\12002\components folder moved successfully.
C:\Users\Isy\AppData\Roaming\12002 folder moved successfully.
File\Folder C:\Users\Isy\AppData\Roaming\12004 not found.
File\Folder C:\USERS\ISY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDBNT2MY.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
 
User: Isy
->Temp folder emptied: 2875699355 bytes
->Temporary Internet Files folder emptied: 183197531 bytes
->Java cache emptied: 7357579 bytes
->FireFox cache emptied: 312903817 bytes
->Google Chrome cache emptied: 64416575 bytes
->Flash cache emptied: 58206 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 980912811 bytes
RecycleBin emptied: 176732921 bytes
 
Total Files Cleaned = 4.388,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10302012_213502

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
And I hope it still fits here, this is the final scan log:
OTL Logfile:
Code:
OTL logfile created on: 30.10.2012 21:57:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Isy\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,12% Memory free
4,21 Gb Paging File | 3,15 Gb Available in Paging File | 74,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 20,88 Gb Free Space | 17,93% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,58 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,91% Space Free | Partition Type: FAT
 
Computer Name: ISY-PC | User Name: Isy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.24 10:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isy\Desktop\OTL.exe
PRC - [2009.03.07 12:21:23 | 000,261,632 | ---- | M] () -- C:\Users\Isy\Adobe Media Player\Adobe Media Player.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.23 12:39:23 | 002,641,920 | ---- | M] (pdfforge  hxxp://www.pdfforge.org/) -- C:\_OTL\MovedFiles\10302012_213502\C_Program Files\PDFCreator\PDFCreator.exe
PRC - [2008.06.26 21:50:27 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008.01.31 13:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.29 03:59:08 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2007.09.01 01:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.19 06:26:59 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.08.03 04:52:40 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
PRC - [2007.08.02 03:27:50 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.07.12 18:25:28 | 000,225,280 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.07.11 01:33:58 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.07.10 18:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.05.24 00:56:14 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.04.17 21:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.02.06 02:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 03:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.21 07:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.07 12:21:23 | 000,261,632 | ---- | M] () -- C:\Users\Isy\Adobe Media Player\Adobe Media Player.exe
MOD - [2008.06.26 21:50:27 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.08.08 10:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.08.03 04:52:40 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
MOD - [2007.08.02 03:27:50 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 03:01:21 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.14 16:32:00 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.29 15:24:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.02.06 02:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.02 09:59:16 | 000,489,952 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2007.10.02 15:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.05 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.31 06:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.19 08:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007.06.19 08:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mgmt.sys -- (s816mgmt)
DRV - [2007.06.19 08:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816unic.sys -- (s816unic)
DRV - [2007.06.19 08:51:18 | 000,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816obex.sys -- (s816obex)
DRV - [2007.06.19 08:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816nd5.sys -- (s816nd5)
DRV - [2007.06.19 08:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007.06.19 08:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus)
DRV - [2007.03.22 06:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.26 19:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.17 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes\{8F7A06B7-E051-47C5-A403-59F1DFCD4CFB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledAddons: 
FF - prefs.js..extensions.enabledAddons: 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledAddons: 
FF - prefs.js..extensions.enabledAddons: 
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 23:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.06 17:35:52 | 000,000,000 | ---D | M]
 
[2008.12.08 16:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isy\AppData\Roaming\mozilla\Extensions
[2012.10.29 23:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isy\AppData\Roaming\mozilla\Firefox\Profiles\xdbnt2my.default\extensions
[2011.03.16 14:58:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Isy\AppData\Roaming\mozilla\Firefox\Profiles\xdbnt2my.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.29 13:40:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Isy\AppData\Roaming\mozilla\Firefox\Profiles\xdbnt2my.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.10.31 15:44:37 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-10.xml
[2009.12.23 13:55:23 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-11.xml
[2010.01.07 18:27:43 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-12.xml
[2010.03.02 16:57:57 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-13.xml
[2010.04.01 08:30:34 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-14.xml
[2011.03.31 16:27:03 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-15.xml
[2011.04.30 17:31:42 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-16.xml
[2011.05.24 18:34:55 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-17.xml
[2011.07.01 11:03:02 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-18.xml
[2011.09.11 13:39:07 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-19.xml
[2011.10.13 16:26:52 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-20.xml
[2011.10.29 09:59:10 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-21.xml
[2011.11.08 17:17:14 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-22.xml
[2011.11.13 17:17:55 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-23.xml
[2011.12.02 18:00:41 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-24.xml
[2011.12.22 12:01:30 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-25.xml
[2012.01.10 18:55:58 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-26.xml
[2012.01.17 13:01:26 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-27.xml
[2012.02.15 10:59:10 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-28.xml
[2012.02.16 15:00:11 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-29.xml
[2012.02.25 19:12:15 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-30.xml
[2012.04.29 15:25:31 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-31.xml
[2009.04.02 16:49:07 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-4.xml
[2009.05.05 15:43:17 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-5.xml
[2009.06.19 12:35:55 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-6.xml
[2009.07.26 15:23:10 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-7.xml
[2009.08.08 13:54:58 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-8.xml
[2009.09.13 17:14:32 | 000,000,950 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin-9.xml
[2012.03.19 19:09:28 | 000,000,168 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin.gif
[2012.03.19 19:09:28 | 000,000,618 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\icqplugin.src
[2008.12.12 19:23:54 | 000,002,158 | ---- | M] () -- C:\Users\Isy\AppData\Roaming\mozilla\firefox\profiles\xdbnt2my.default\searchplugins\MySpace.xml
[2012.07.06 09:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.25 14:45:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.06 09:38:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES\YTD TOOLBAR\FF
File not found (No name found) -- C:\USERS\ISY\APPDATA\ROAMING\12004
File not found (No name found) -- C:\USERS\ISY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDBNT2MY.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\ISY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDBNT2MY.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
[2012.04.29 15:24:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.13 16:26:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.13 16:26:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.13 16:26:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.13 16:26:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.13 16:26:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.13 16:26:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Isy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Isy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Isy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKU\S-1-5-21-2916934394-2920353588-1664525166-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Users\Isy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Users\Isy\Adobe Media Player\Adobe Media Player.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Isy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1222596421 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20081022122533 (PhotoBox uploader)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95370001-69DB-49F9-B4C9-843EC11EA280}: DhcpNameServer = 192.168.2.50
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Isy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Isy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{38c7833c-7cdf-11e1-b187-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{38c7833c-7cdf-11e1-b187-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{38c78352-7cdf-11e1-b187-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{38c78352-7cdf-11e1-b187-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{38c78361-7cdf-11e1-b187-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{38c78361-7cdf-11e1-b187-001fc67f864e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{648d15b7-b9dd-11e1-bd31-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{648d15b7-b9dd-11e1-bd31-001fc67f864e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ad7f4ff1-6db6-11e0-bb5c-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{ad7f4ff1-6db6-11e0-bb5c-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dd0039a7-7810-11e0-8b6d-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{dd0039a7-7810-11e0-8b6d-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dd0039b9-7810-11e0-8b6d-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{dd0039b9-7810-11e0-8b6d-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f52bbcc9-73f6-11e0-a40d-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{f52bbcc9-73f6-11e0-a40d-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f52bbce2-73f6-11e0-a40d-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{f52bbce2-73f6-11e0-a40d-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f8ed9620-7e79-11e1-9ae7-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ed9620-7e79-11e1-9ae7-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f8ed962c-7e79-11e1-9ae7-001fc67f864e}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ed962c-7e79-11e1-9ae7-001fc67f864e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.30 03:11:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.29 23:02:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Isy\Desktop\OTL.exe
[2012.10.27 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Isy\AppData\Roaming\Malwarebytes
[2012.10.27 12:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.27 12:52:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.27 12:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.14 16:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.14 16:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.14 16:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.14 16:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.10.14 14:01:08 | 020,664,552 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Isy\Desktop\FreeYouTubeToMP3Converter33.exe
[2012.10.07 20:16:32 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.11.10 18:49:59 | 015,184,088 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Isy\FreeYouTubeToMP3Converter.exe
[1 C:\Users\Isy\AppData\Roaming\*.tmp files -> C:\Users\Isy\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.30 22:02:49 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.30 21:57:00 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.30 21:57:00 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.30 21:57:00 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.30 21:57:00 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.30 21:48:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.30 21:48:04 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.30 21:48:04 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.30 21:47:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.30 21:47:54 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.30 21:46:49 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.30 21:20:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.30 20:18:21 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{22A22202-E31B-49CA-AAA7-3D805DF235C4}.job
[2012.10.30 20:13:39 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.10.29 21:58:24 | 000,538,941 | ---- | M] () -- C:\Users\Isy\Desktop\adwcleaner.exe
[2012.10.27 13:13:12 | 000,001,356 | ---- | M] () -- C:\Users\Isy\AppData\Local\d3d9caps.dat
[2012.10.27 13:01:36 | 000,125,952 | ---- | M] () -- C:\Users\Isy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.24 10:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isy\Desktop\OTL.exe
[2012.10.14 16:14:06 | 000,004,303 | ---- | M] () -- C:\Users\Isy\Stellenangebote.abw
[2012.10.14 14:02:22 | 020,664,552 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Isy\Desktop\FreeYouTubeToMP3Converter33.exe
[2012.10.06 11:34:28 | 000,001,158 | ---- | M] () -- C:\Users\Isy\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.01 08:54:30 | 000,058,725 | ---- | M] () -- C:\Users\Isy\tumblr_lw0t3m5VhO1qiek4fo1_500.jpg
[1 C:\Users\Isy\AppData\Roaming\*.tmp files -> C:\Users\Isy\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.29 23:02:53 | 000,538,941 | ---- | C] () -- C:\Users\Isy\Desktop\adwcleaner.exe
[2012.10.29 22:15:34 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.14 16:14:06 | 000,004,303 | ---- | C] () -- C:\Users\Isy\Stellenangebote.abw
[2012.10.01 08:54:30 | 000,058,725 | ---- | C] () -- C:\Users\Isy\tumblr_lw0t3m5VhO1qiek4fo1_500.jpg
[2012.09.02 12:24:58 | 000,032,367 | ---- | C] () -- C:\Users\Isy\MiYxcfdoZegyjLm4_m_b.jpg
[2012.08.10 16:57:03 | 000,899,025 | ---- | C] () -- C:\Users\Isy\IMAG0201.jpg
[2012.07.20 18:24:02 | 000,005,752 | ---- | C] () -- C:\Users\Isy\getränke party.abw
[2012.06.16 10:07:29 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.06.15 14:41:48 | 000,550,227 | ---- | C] () -- C:\Users\Isy\Bergen belsen.odp
[2012.06.04 14:58:55 | 011,678,644 | ---- | C] () -- C:\Users\Isy\Bergen Belsen Video_0001.wmv
[2012.05.29 16:05:39 | 000,019,171 | ---- | C] () -- C:\Users\Isy\300-viva-la-vida-sw.jpg
[2012.05.09 09:52:35 | 000,023,848 | ---- | C] () -- C:\Users\Isy\Vom+Eisenerz+zum+Rohstahl.odt
[2012.05.04 12:30:49 | 000,007,368 | ---- | C] () -- C:\Users\Isy\AppData\Roaming\BAcroIEHelpe114.dll
[2012.05.04 12:27:10 | 000,055,656 | ---- | C] () -- C:\Users\Isy\AppData\Roaming\loaupdt.jpg
[2012.05.01 12:54:14 | 000,218,600 | ---- | C] () -- C:\Users\Isy\AppData\Roaming\AcroIEHelpe112.dll
[2012.04.27 16:19:51 | 000,000,016 | ---- | C] () -- C:\Users\Isy\AppData\Roaming\blckdom.res
[2012.04.02 17:19:49 | 000,001,356 | ---- | C] () -- C:\Users\Isy\AppData\Local\d3d9caps.dat
[2011.03.16 17:11:45 | 000,010,238 | -HS- | C] () -- C:\Users\Isy\AlbumArt_{F7850FA3-CC97-4896-AC4A-6D80129BAC2F}_Large.jpg
[2011.03.16 17:11:45 | 000,002,517 | -HS- | C] () -- C:\Users\Isy\AlbumArt_{F7850FA3-CC97-4896-AC4A-6D80129BAC2F}_Small.jpg
[2010.12.10 17:55:58 | 000,152,224 | ---- | C] () -- C:\Users\Isy\Weihnachtsbrief.pdf
[2010.07.12 15:33:36 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2010.06.02 19:50:59 | 000,378,368 | ---- | C] () -- C:\Users\Isy\iansomberh_a2xtb4ph.thm
[2010.06.02 19:39:30 | 001,610,752 | ---- | C] () -- C:\Users\Isy\damonsalva_9tlhcpkn.thm
[2010.01.07 19:01:03 | 000,005,499 | -HS- | C] () -- C:\Users\Isy\Folder.jpg
[2010.01.07 19:01:03 | 000,001,832 | -HS- | C] () -- C:\Users\Isy\AlbumArtSmall.jpg
[2008.08.22 20:14:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.08.22 19:41:52 | 000,125,952 | ---- | C] () -- C:\Users\Isy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.08.22 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\ConvertTemp
[2010.07.12 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Degener
[2012.10.14 14:04:37 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\DVDVideoSoft
[2011.10.27 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.08.23 07:33:17 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\gtk-2.0
[2011.06.22 12:20:44 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\ICQ
[2008.08.24 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\ICQ Toolbar
[2012.04.27 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\kock
[2009.01.04 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\LimeWire
[2010.05.26 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Lionhead Studios
[2012.06.08 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\OpenOffice.org
[2010.06.14 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Samsung
[2012.10.06 14:03:04 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Spotify
[2010.05.26 17:16:19 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Teleca
[2008.08.22 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\Temporary
[2012.04.03 18:01:35 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\TerraTec
[2008.08.22 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\TransRender
[2008.08.23 07:29:27 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\TuxPaint
[2012.05.02 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\UAs
[2012.05.02 16:04:11 | 000,000,000 | ---D | M] -- C:\Users\Isy\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

31.10.2012, 10:04   #14
ryder
/// TB Trainer

That looks good! We still need to cross-check it ...

Step 1:
Quick scan with Malwarebytes

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

Step 2:
ESET Online Scanner

Quote:
Important:
Please switch on any external hard drives you have during the online scans!
Please switch off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
  • Please click here --->
    • Firefox users: please download, install and start esetsmartinstaller_enu.exe.
    • IE users must allow the installation of an ActiveX element.
  • Tick the box at Yes, I accept the Terms of Use/Ja, ich stimme ... zu and press the button.
  • Wait until the components have been downloaded.
  • Tick the box at "Scan archives/Archive prüfen" and untick the box at Remove found threats/Entdeckte Bedrohungen entfernen.
  • Press. The signatures will be downloaded and the scan starts automatically; it can take a very long time!
When the scan has finished
  • Click and then
  • Save the log file as ESET.txt on the desktop.
  • Click Back and Finish
Please post the ESET.txt here or let me know that nothing was found.

Step 3:
Java Update (Windows XP, Vista, 7)
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version and save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 9).
  • During the installation, untick the box at:
When the installation has finished:
  • Start > Control Panel > Programs, uninstall all older Java versions, if present, and restart your computer.
After the restart:
  • Open Control Panel > Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files...
  • Make sure that every box is ticked and click OK twice.

Step 4:
Update: Firefox, add-ons and plugins
  • Click > Help > About Firefox
  • Wait until the update has loaded, click Install update and let Firefox restart.
  • Please check whether further updates are available or whether Firefox is up to date.
  • Now click > Add-ons > > Check for Updates
  • After another restart of Firefox everything should be up to date.

Please also check (regularly) whether the following links show missing updates for your plugins:

Step 5:
Control scan with OTL
  • Please start OTL.exe
  • Make sure that "Scan All Users" is ticked!
  • Press the Quick Scan button.
  • Post the OTL.txt here in your thread.
__________________
Digital privateers against malware!
No help via PM!

01.11.2012, 20:43   #15
ichmagkekse

And what should I do if ESET does still find something???
Should I have them removed right away then???
