Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Wahrscheinlich "wieder" Deltasearch

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.05.2013, 19:27   #1
Av4lon
 
Wahrscheinlich "wieder" Deltasearch - Unglücklich

Wahrscheinlich "wieder" Deltasearch



Hallo liebes Trojaner-Board Forum. Dies ist mein erster Post eines Problemes zu dem ich selber nicht in der Lage bin es aus eigener Hand zu lösen. Ich hoffe ich erreiche hier den einen oder Anderen der es kann

Folgendes : Vor nicht allzu langer Zeit wollte ich mir einen Game-booster downloaden und habe nicht darauf geachtet das ich in Wirklichkeit ein ganz anderes Programm gedownloaded und installiert habe.

Nun habe ich das gute entfernbare Delta-search in meinem Firefox. Meine Anti-Spyware kann das Problem nicht lösen. Ich habe dabei auch verschiedene Softwareprodukte ausprobiert. Dann habe ich es versucht zu deinstallieren und bekahm folgende Meldung :


Also defogger konnte nix finden

OTL :
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.05.2013 20:37:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tim\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,59% Memory free
7,49 Gb Paging File | 6,16 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 4,42 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
Drive E: | 233,76 Gb Total Space | 197,23 Gb Free Space | 84,37% Space Free | Partition Type: NTFS
Drive F: | 233,76 Gb Total Space | 233,07 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive G: | 994,70 Mb Total Space | 30,47 Mb Free Space | 3,06% Space Free | Partition Type: FAT
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.10 20:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2013.04.17 03:17:26 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Tim\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.03.28 16:12:36 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.02.26 14:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 14:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.10 17:27:36 | 000,013,600 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.02.14 22:50:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.09 18:43:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 18:42:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 18:42:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 18:42:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 18:42:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.02.10 22:05:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.12 13:20:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.28 16:12:36 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.03.15 15:40:15 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 14:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.12 05:40:54 | 000,136,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 16:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 16:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.01.30 13:58:40 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.12 06:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.11.12 06:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.08.24 17:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2010.02.10 22:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.10 21:11:14 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006.12.05 12:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2013.05.10 20:21:48 | 000,056,496 | ---- | M] (GMER) [Kernel | On_Demand | Unknown] -- C:\Users\Tim\AppData\Local\Temp\uwldipow.sys -- (uwldipow)
DRV - [2011.12.12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.03.02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=9683BC5FF40A6837
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 4D C1 34 C6 A6 CD 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=9683BC5FF40A6837
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/watch?v=K9MrdsuQfNE&list=LL8l0WIN10FrIOKroNuK6GTQ|hxxp://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:20:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:20:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.03.28 16:12:36 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:20:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:20:46 | 000,000,000 | ---D | M]
 
[2012.10.14 11:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2013.05.09 00:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions
[2012.12.04 20:01:50 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.22 15:04:08 | 000,000,000 | ---D | M] (British English Dictionary (Updated)) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions\en-gb@flyingtophat.co.uk
[2013.05.01 17:21:50 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions\ffxtlbr@delta.com
[2013.05.01 17:21:46 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\4kvrmurp.default\extensions\plugin@yontoo.com
[2012.12.10 01:19:21 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.05.09 00:53:50 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.01 17:21:58 | 000,006,473 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\searchplugins\babylon.xml
[2013.05.01 17:21:58 | 000,006,473 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\searchplugins\BrowserProtect.xml
[2013.05.01 17:21:52 | 000,001,294 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\4kvrmurp.default\searchplugins\delta.xml
[2013.04.12 13:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 13:20:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.11.05 01:05:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.01 17:21:44 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.11.05 01:05:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.05 01:05:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.05 01:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.05 01:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.05 01:05:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Tim\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B600747C-A174-4E7F-A648-83FB8D725DA7}: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3A30591-98D7-45C1-88CB-0FCE58EA5CE6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.10 19:04:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.10 20:20:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2013.05.10 19:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.05.10 19:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.05.10 19:40:14 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.05.10 19:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.10 19:40:00 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Programs
[2013.05.10 19:02:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.05.10 19:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.10 19:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.05.01 17:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2013.05.01 17:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.05.01 17:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.05.01 17:22:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\Qtrax
[2013.05.01 17:22:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX
[2013.05.01 17:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.05.01 17:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.05.01 17:21:57 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Mipony Download Manager Packages
[2013.05.01 17:21:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.01 17:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.01 17:21:51 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\BabSolution
[2013.05.01 17:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.05.01 17:21:47 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013.05.01 17:21:46 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Yontoo
[2013.05.01 17:21:44 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DSite
[2013.05.01 17:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013.05.01 17:21:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
[2013.05.01 17:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
[2013.05.01 17:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiPony
[2013.05.01 17:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.04.28 13:28:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Beatels
[2013.04.27 17:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.12 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.10 20:34:59 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable
[2013.05.10 20:23:25 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe
[2013.05.10 20:21:33 | 000,377,856 | ---- | M] () -- C:\Users\Tim\Desktop\gmer_2.1.19163.exe
[2013.05.10 20:21:03 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.05.10 20:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2013.05.10 19:40:17 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.10 19:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.10 19:18:04 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2447946031-2368864411-1565229735-1001UA.job
[2013.05.10 19:04:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.05.10 19:03:41 | 000,002,254 | ---- | M] () -- C:\Users\Tim\Desktop\SpyHunter.lnk
[2013.05.10 17:34:33 | 000,018,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.10 17:34:33 | 000,018,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.10 17:31:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.10 17:31:37 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.10 17:31:37 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.10 17:31:37 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.10 17:31:37 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.10 17:27:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.10 00:31:20 | 000,000,000 | ---- | M] () -- C:\end
[2013.05.09 01:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2447946031-2368864411-1565229735-1001Core.job
[2013.05.01 17:23:12 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2013.05.01 17:23:12 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2013.04.12 13:07:52 | 000,296,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.10 20:34:59 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2013.05.10 20:23:24 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe
[2013.05.10 20:21:33 | 000,377,856 | ---- | C] () -- C:\Users\Tim\Desktop\gmer_2.1.19163.exe
[2013.05.10 19:40:17 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.05.10 19:40:17 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.10 19:04:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.05.10 19:02:04 | 000,002,254 | ---- | C] () -- C:\Users\Tim\Desktop\SpyHunter.lnk
[2013.05.07 23:01:56 | 000,114,176 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\BabMaint.exe
[2013.05.01 17:23:12 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2013.05.01 17:23:12 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2013.05.01 17:22:36 | 000,002,377 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
[2013.05.01 17:21:45 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.05.01 17:21:43 | 000,000,000 | ---- | C] () -- C:\end
[2012.10.10 11:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.13 13:47:38 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.15 15:40:59 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AniTuner
[2012.10.14 11:31:51 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG2013
[2013.05.01 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\BabSolution
[2013.05.01 17:21:44 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DSite
[2012.10.14 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Foxit Software
[2012.10.10 14:10:48 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\FreePDF
[2013.03.26 14:27:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ImgBurn
[2012.12.09 21:37:02 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LolClient
[2013.05.01 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Mipony Download Manager Packages
[2012.10.14 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\OpenOffice.org
[2012.10.14 11:43:06 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Opera
[2013.02.07 00:29:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PingPlotter Freeware
[2012.12.15 16:04:08 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Stardock
[2013.05.10 01:00:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TS3Client
[2012.11.06 01:14:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ts3overlay
[2012.10.14 11:30:05 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TuneUp Software
[2013.05.10 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extra:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.05.2013 20:37:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tim\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,59% Memory free
7,49 Gb Paging File | 6,16 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 4,42 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
Drive E: | 233,76 Gb Total Space | 197,23 Gb Free Space | 84,37% Space Free | Partition Type: NTFS
Drive F: | 233,76 Gb Total Space | 233,07 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive G: | 994,70 Mb Total Space | 30,47 Mb Free Space | 3,06% Space Free | Partition Type: FAT
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EE13D4-568C-4FE5-A303-E5B9B5798D88}" = rport=137 | protocol=17 | dir=out | app=system | 
"{067AE95C-68E4-4B48-9EE5-6315C5DFF64A}" = lport=56659 | protocol=6 | dir=in | name=pando media booster | 
"{09921933-5C76-4C58-890D-F96B94316D35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0ED1C5CF-A5EF-4159-8DF5-7D7DE20766CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{209E20D0-F15D-4E6F-ABA0-3DFEA9807BF4}" = lport=56659 | protocol=17 | dir=in | name=pando media booster | 
"{2168AFE4-6691-4537-8B70-19E7C11C345A}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{2CBCE8A1-A278-4905-BA82-47292B8A4D6B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{37900106-5372-46E3-827D-542AE3A68DB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48CD82E9-4BDE-4758-A2F4-EEC30E6A167D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{51A98A28-26B7-44B9-B81D-DEB9DCFC1FD7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5207284A-11CF-4B63-91CB-00177823A812}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5A26AAAE-2224-424C-BE6D-E7A2F92371A0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{5B99E615-D603-492D-B90D-7D359B1F6C61}" = lport=56659 | protocol=6 | dir=in | name=pando media booster | 
"{64C7A86C-ECCB-4910-B365-511764FAC3B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{696A0DCB-FD23-4E4A-B4A4-38ACD3251B2F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6BB1F169-4F66-4C81-926F-53ADD6AE186D}" = lport=56659 | protocol=17 | dir=in | name=pando media booster | 
"{7ACE586E-3388-4769-A827-C544385BF019}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{80306D7B-EBFD-4B97-9907-7423ADE011E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C62EB7C-E433-4E4B-886C-159EE9532B71}" = rport=139 | protocol=6 | dir=out | app=system | 
"{92083802-461F-4121-A43B-CCE41D3CD755}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A9350B35-E78F-467B-81AB-213625FAC3F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AD132D11-C158-4AB0-8400-6DDFCD900119}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D93A9950-DECB-44C8-8E26-C48A4FD3A9AA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DA7506E7-D108-47D4-BA64-DB8772252B32}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DE9B6E57-4B1A-4737-9F86-F6A0F4FBBCDD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E4DE47F9-BB55-44B8-BBB1-170ED220C8CE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E5EF3EFD-93E0-48A5-AD19-D896E63065DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{F4FFB1EA-9CEC-4336-8506-AD83655D0450}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007A8797-B896-4D8D-988D-5BB09756EB20}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{0339CD89-B746-46E2-A58F-B3B5D35EFEA2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{03D22C5D-EDFB-480B-B5AE-B86020975F0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05164230-3804-4B83-B3C8-64A185A23219}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{06967BD1-3DDF-4E1C-9A48-ACCBE4A729EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{09B44613-03CC-4D83-8DBA-34A67B4BBD57}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{0A8C317A-C2FA-4FF6-A0CC-81028B23CD3B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1425021B-CC44-4BAD-9BC7-8F4DB2664837}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{166FCFAE-FC94-4942-A7A0-FC46A5D2BAA7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1A7B331F-91E8-4293-A4D1-E47AD327FCB8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{1D0C6FE7-3010-4F42-9D40-D49FA3BFC591}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{247029E2-EB00-40B2-8D51-72D94ABB57F8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{2BD6754D-BABD-4EF6-8325-2066A2620ED9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2E4183A6-8048-4033-BB4A-D12AB48B549B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{31F21205-2443-4F15-A2A7-80F72EB49D67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{36CDAC30-B6C9-4CE3-95D1-1FCD486CC8D3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{44E83EA5-D1F9-4C89-8297-F33EBDEEEC5A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{45455B64-28E2-4911-A69B-96AA16642C97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4C7872EB-4E3E-423A-B747-0F0F1CE026C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4CD0FA41-22C4-4F22-8A22-CBE3F67660DB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4DD40752-6D59-43D7-BC8B-7B407D97F5A1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53C6CEF1-3D58-405F-9C8E-76FD7DA83EF1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{59EC0391-A505-4D5C-A5B6-D041D2AE4551}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61BEF429-00CF-42BE-8E26-21919FA665A4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{6CF01D5F-171A-4F43-A3D9-13F9151C090E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{6D30AA85-81D0-4A77-95FC-296E423ACADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DA3C557-3F64-4937-9EE2-6968E9BC0FFD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{73357209-BEC1-400C-8C53-E25C9485C985}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{73B1D629-D06E-414C-9667-E74A43EE4BB6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83CD9E36-1FDB-4F94-B7F1-DFFC9D23A8A2}" = dir=in | app=c:\users\tim\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{99972A89-D9E3-4A23-9D76-E86A4B2C7EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{9DC2BFAA-AAFF-4758-BC40-E15B12CF7295}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{A0A09876-B0D5-488B-96D6-8FC6F4E02DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AA9A83D3-DDA8-483B-895A-C16D5234E29F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AA9EA6A7-D5B2-4943-8C7E-F22D3A2F72AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B5AD6C2D-170B-426A-982C-7B54B2DDC179}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{B72D1998-7ABF-45F8-8C11-C86B0BBE6193}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{BDD7DAA3-E75B-49D1-A3F3-DC466FA0A68D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{C09280B5-5CBA-4B59-B8CA-95197332608F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{C0DB7DE8-6BEF-45D7-AB9C-9E83097C5DC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{C1E3E7E4-8F3A-4674-AE55-E980CF8D13E5}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{C5364F64-14E4-492C-9656-FB9412F776DA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{C712ACE8-53B8-4AB7-A72E-DCFDC708C235}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCC03358-081A-4C36-9A1B-ABF7B9E4DF42}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CF637516-08DB-4077-AFFE-9ECA82768B05}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{D134D1C1-B125-42B0-BC24-D32564DC70A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D1EF9D1D-2CAA-4029-A2BC-20A3C5F87726}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{D379608F-2AFA-4CB6-9E28-F1D9BC3FFE1E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{D831551D-DB21-4A53-8977-0F355AFC06BB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{D8AF80D2-26A3-47A2-81A3-4B682314D64C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D8D6AF9D-9862-4B68-849B-5A51BCB4C174}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD6B6D2C-592B-474D-92B2-D4A3E17A89E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F22431B0-F836-4DD0-8321-1AF618AD6ADF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB618C8B-238A-4181-A6EE-6C0050A27489}" = protocol=6 | dir=out | app=system | 
"TCP Query User{315C700F-846B-478A-A0AC-66AC12BCED0D}F:\croteam\serious sam - the second encounter\bin\serioussam.exe" = protocol=6 | dir=in | app=f:\croteam\serious sam - the second encounter\bin\serioussam.exe | 
"TCP Query User{399D8B8E-EEFE-42ED-B9F5-DEE92732F7B4}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{399E7A82-D386-45D0-9D49-02AA5DA1FD6C}E:\serious sam - the second encounter\bin\serioussam.exe" = protocol=6 | dir=in | app=e:\serious sam - the second encounter\bin\serioussam.exe | 
"TCP Query User{4030D5DE-7A4B-431F-8EA6-2F84E92D71F3}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{54E65DCA-19DE-4AF5-9827-A228A8283FA2}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{58B31D63-BF3B-4848-A071-1BFF2154B9BD}C:\users\tim\desktop\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\tim\desktop\age of empires ii\age2_x1.exe | 
"TCP Query User{B4823361-79F8-44B6-B7FA-F66F2C7913D4}E:\serious sam - the second encounter\bin\serioussam.exe" = protocol=6 | dir=in | app=e:\serious sam - the second encounter\bin\serioussam.exe | 
"UDP Query User{299ADE28-1377-4E56-AFB3-B95879F14503}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{358CC118-E916-46D8-BDF3-AF0761AF3CD4}F:\croteam\serious sam - the second encounter\bin\serioussam.exe" = protocol=17 | dir=in | app=f:\croteam\serious sam - the second encounter\bin\serioussam.exe | 
"UDP Query User{503A0C07-291A-44AA-98B4-E0B2EFB3E275}C:\users\tim\desktop\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\tim\desktop\age of empires ii\age2_x1.exe | 
"UDP Query User{51877EB4-6ECB-42A0-9AA4-31EE472BF4BE}E:\serious sam - the second encounter\bin\serioussam.exe" = protocol=17 | dir=in | app=e:\serious sam - the second encounter\bin\serioussam.exe | 
"UDP Query User{9D6909AA-FC21-469B-AE15-05EF62EAE7F8}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{B707568D-F3BD-4F9A-B8BB-CE7A8D3FB567}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{DA637345-D517-4751-BCD0-D2FC5DB03787}E:\serious sam - the second encounter\bin\serioussam.exe" = protocol=17 | dir=in | app=e:\serious sam - the second encounter\bin\serioussam.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C798FBB-2BA6-D113-C055-936965550F33}" = ATI Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{56BFB765-EC27-4BBE-4562-7D524A4E6876}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}" = SpyHunter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.052
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"AVG" = AVG 2013
"CCleaner" = CCleaner
"GPL Ghostscript 9.05" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{179C9DAD-8A7E-E177-A099-9881BA6DB7E1}" = CCC Help Korean
"{1CA97896-6527-EFF2-15AF-F754A8345DB3}" = CCC Help Polish
"{1DE16DAD-6C8C-CE4B-6D0A-3B9C826EA7DF}" = Catalyst Control Center InstallProxy
"{207FE8B9-976B-8106-B8D8-75FD538B21AE}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2CA12532-C407-66B7-7872-998E86EB078A}" = CCC Help Thai
"{2F51311F-8A4B-4D17-9CB8-AAEACBBA9A92}" = AMD OverDrive
"{30646370-6577-DA44-F956-5179BD4FC81F}" = CCC Help Norwegian
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{36D8DF3D-B1E1-D8CA-C0F7-5FECF2ADB431}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E990010-3CFC-3451-1F07-ABD632895DED}" = Catalyst Control Center Localization All
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{653771EC-5AA7-9E1D-EBF9-BF6E9BDC0649}" = CCC Help Greek
"{69A05CAD-B0AA-4586-8FDD-D4827B2652DC}" = AniTuner
"{704985E4-596B-B30C-1B01-49A4E6386DF7}" = CCC Help Italian
"{7388AE07-F4E0-503F-6ADD-4FB9BED4C47E}" = CCC Help Czech
"{84178AE8-C22D-48CB-A6BA-D116FD3FE469}" = Qtrax Player
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE34925-34D7-4E53-FE56-B38C003FCE59}" = CCC Help Chinese Traditional
"{8C99C3CB-763F-4D87-8ACA-81B6899207B1}" = PingPlotter Freeware
"{913694EF-D62F-B372-7778-7C0DFD287EED}" = Catalyst Control Center Graphics Previews Common
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93F8D79A-EEC2-11F6-DE59-70EA8E50CAE2}" = CCC Help German
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98FBED7A-E9E1-5578-F5FD-391D51799524}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A259C1B6-7C3F-6827-657B-D6EDE5BF3CAE}" = CCC Help Finnish
"{A6D87A37-8620-FE7B-54C2-E654F4F92B95}" = Catalyst Control Center Graphics Full New
"{A96174C8-BB27-8E86-2AA8-22486DDF7B4B}" = Catalyst Control Center Core Implementation
"{AE9C87B3-0BF3-6FE1-404C-FA0EA33B4EC3}" = CCC Help Japanese
"{B1A1ACA0-54BF-6279-CD75-D4772DD16197}" = CCC Help Danish
"{B2C78D7A-D4D2-A1EF-DFAA-48A4152A5771}" = ccc-core-static
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BBD363AA-3F9E-4569-8A52-D1DEECCF5121}" = SoundPackager
"{C7A9BAF2-DA72-8503-F27F-44C6C2FF9F49}" = CCC Help Swedish
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D5348885-EB52-4355-C21B-27BD0E4CBA31}" = CCC Help Hungarian
"{D780486E-4F96-B025-4BBB-30D56E3C9418}" = CCC Help Portuguese
"{DE30220D-B7A6-EB8F-13E0-2521880E2F49}" = Catalyst Control Center Graphics Full Existing
"{E32BC396-8E51-BA3F-7001-EE463BB4EA75}" = CCC Help English
"{E481A482-A6A2-D3ED-0980-C741A9AAA96B}" = CCC Help Chinese Standard
"{E4AA1490-A0AE-5693-2C0B-4FF21C3721D8}" = CCC Help Dutch
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EBF0AA20-D891-1908-10CB-010E289C36CD}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9B431CB-5ACF-A7C1-5B96-9DF33AA25290}" = CCC Help Spanish
"{FFE7F452-F093-5859-C96E-E75310248A10}" = CCC Help Turkish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ant Renamer 2_is1" = Ant Renamer
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.57
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Foxit Reader_is1" = Foxit Reader
"FreePDF_XP" = FreePDF (Remove only)
"Game Booster_is1" = Game Booster 3
"GameSpy Arcade" = GameSpy Arcade
"ImgBurn" = ImgBurn
"MiPony" = MiPony 2.0.2
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.02.1578" = Opera 12.02
"SoundPackager" = SoundPackager
"Steam App 230410" = Warframe
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Wajam" = Wajam
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"822393099.portal.qtrax.com" = Qtrax Player
"DSite" = Update for Mipony Download Manager
"Mipony Download Manager Packages" = Mipony Download Manager Packages
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.04.2013 10:59:49 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 14.04.2013 11:29:06 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 17.04.2013 08:09:43 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 19.04.2013 14:32:07 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 25.04.2013 20:19:21 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 28.04.2013 15:59:31 | Computer Name = Tim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x1784  Startzeit der fehlerhaften Anwendung: 0x01ce444a7b8bcef4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 234a5eb6-b03e-11e2-9675-bc5ff40a6837
 
Error - 01.05.2013 14:34:35 | Computer Name = Tim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x1518  Startzeit der fehlerhaften Anwendung: 0x01ce46885db5298a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 c5684b10-b28d-11e2-b735-bc5ff40a6837
 
Error - 03.05.2013 12:03:55 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 04.05.2013 06:21:03 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 08.05.2013 12:12:36 | Computer Name = Tim-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 10.05.2013 13:02:27 | Computer Name = Tim-PC | Source = MsiInstaller | ID = 11721
Description = 
 
Error - 10.05.2013 13:44:02 | Computer Name = Tim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x9d8  Startzeit der fehlerhaften Anwendung: 0x01ce4da42909f926  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 3352ea62-b999-11e2-95e6-bc5ff40a6837
 
[ System Events ]
Error - 10.05.2013 11:32:56 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 10.05.2013 11:32:56 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 10.05.2013 11:32:56 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 10.05.2013 13:05:31 | Computer Name = Tim-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden.
 
Error - 10.05.2013 13:05:31 | Computer Name = Tim-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden.
 
Error - 10.05.2013 13:05:31 | Computer Name = Tim-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden.
 
Error - 10.05.2013 13:59:18 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Yontoo Desktop Updater" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 10.05.2013 14:33:12 | Computer Name = Tim-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 10.05.2013 14:33:12 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 10.05.2013 14:33:12 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
--- --- ---


GMER :
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-10 21:02:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-5 Corsair_Force_3_SSD rev.1.3 55,90GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Tim\AppData\Local\Temp\uwldipow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                   fffff80002db2000 45 bytes [00, 00, 19, 02, 41, 76, 67, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                                   fffff80002db202f 16 bytes [00, 48, 0C, 00, 00, 14, 0E, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\PixArt\Pac207\Monitor.exe[1796] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                            00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Windows\PixArt\Pac207\Monitor.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                   00000000755a1465 2 bytes [5A, 75]
.text     C:\Windows\PixArt\Pac207\Monitor.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1156] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                 00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        00000000755a1465 2 bytes [5A, 75]
.text     C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                       00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2152] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000755a1465 2 bytes [5A, 75]
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Users\Tim\AppData\Roaming\Yontoo\YontooDesktop.exe[2160] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                           00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Users\Tim\AppData\Roaming\Yontoo\YontooDesktop.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  00000000755a1465 2 bytes [5A, 75]
.text     C:\Users\Tim\AppData\Roaming\Yontoo\YontooDesktop.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                 00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2444] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000755a1465 2 bytes [5A, 75]
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2636] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                  00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         00000000755a1465 2 bytes [5A, 75]
.text     C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2656] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                               00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      00000000755a1465 2 bytes [5A, 75]
.text     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\AVG\AVG2013\avgui.exe[2696] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                    00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[2932] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                           00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  00000000755a1465 2 bytes [5A, 75]
.text     C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                 00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3144] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                  00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         00000000755a1465 2 bytes [5A, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3236] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                 00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        00000000755a1465 2 bytes [5A, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3340] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                 00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        00000000755a1465 2 bytes [5A, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5728] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                 00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        00000000755a1465 2 bytes [5A, 75]
.text     C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                       00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2
.text     C:\Users\Tim\Desktop\gmer_2.1.19163.exe[584] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                          00000000771fcfca 5 bytes JMP 0000000173634720
.text     C:\Users\Tim\Desktop\gmer_2.1.19163.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 00000000755a1465 2 bytes [5A, 75]
.text     C:\Users\Tim\Desktop\gmer_2.1.19163.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000755a14bb 2 bytes [5A, 75]
.text     ...                                                                                                                                                                  * 2

---- EOF - GMER 2.1 ----
         
--- --- ---

Geändert von Av4lon (10.05.2013 um 20:02 Uhr) Grund: Informationen fehlten

Alt 10.05.2013, 21:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich "wieder" Deltasearch - Standard

Wahrscheinlich "wieder" Deltasearch



Hallo und

Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum hast du eine Professional-Edition von Windows
, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 10.05.2013, 23:20   #3
Av4lon
 
Wahrscheinlich "wieder" Deltasearch - Standard

Wahrscheinlich "wieder" Deltasearch



Sorry ich hab nicht so viel Ahnung von Software. Ich weiß nicht wo ich neue loggs herkriegen soll. Habs einfach nach anleitung gemacht. Aber kannst du mir vieleicht mal sagen warum ich nicht genug Rechte habe dieses Programm zu deinstallieren? Oo
__________________

Alt 12.05.2013, 19:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich "wieder" Deltasearch - Standard

Wahrscheinlich "wieder" Deltasearch



Wer hat dir diesen Rechner installiert, war die Pro-Edititon vllt schon beim Rechner dabei?
Und mit weiteren Logs meine ich die von Virenscannern. Aber nru wenn der mal fündig geworden ist. Hat dein Virenscanner jemals einen Fund gemeldet?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.05.2013, 20:29   #5
Av4lon
 
Wahrscheinlich "wieder" Deltasearch - Standard

Wahrscheinlich "wieder" Deltasearch



Ja hat er.. entfehrnt und trotzdem hab ich den Mist noch im Browser. Ich habe den PC so geschenkt bekommen. Entweder haben die Leutchen von dem Laden den so gemacht oder mein Vater.


Alt 12.05.2013, 21:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wahrscheinlich "wieder" Deltasearch - Standard

Wahrscheinlich "wieder" Deltasearch



Zitat:
Ja hat er.. entfehrnt und trotzdem hab ich den Mist noch im Browser.
Und wo sind jetzt bitteschön die Logs dazu?
Ohne diese Infos kann dir nicht geholfen werden!
__________________
--> Wahrscheinlich "wieder" Deltasearch

Antwort

Themen zu Wahrscheinlich "wieder" Deltasearch
7-zip, andere, anderen, anderes, application/pdf:, defogger, deinstalliere, deinstallieren, delta, delta chrome toolbar, delta-search, deltasearch, downloaden, eigener, enigma, erreiche, hoffe, install.exe, installier, installiert, langer, meldung, mipony, msiinstaller, pando media booster, plug-in, programm, richtlinie, safer networking, spyware, tarma, troja, verschiedene, versuch, versucht, visual studio, wahrscheinlich, wajam



Ähnliche Themen: Wahrscheinlich "wieder" Deltasearch


  1. Windows 8.1: Nach wahrscheinlich nicht echtem "Windows Movie Maker" installation ist das System langsam.
    Log-Analyse und Auswertung - 18.06.2015 (11)
  2. win 7 firefox langsam "keine Rückmeldung" immer wieder Meldung "ein skript auf dieser Seite ist eventuell beschädigt...."
    Plagegeister aller Art und deren Bekämpfung - 14.01.2015 (11)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. RegSvr32 "Fehler beim Laden des Moduls """ (mal wieder...)
    Log-Analyse und Auswertung - 21.08.2014 (6)
  5. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  6. Meldung bei "SuperAntiSpyware" : Trojan.Dropper/Storm und PUP.DeltaSearch
    Log-Analyse und Auswertung - 13.09.2013 (17)
  7. "Deltasearch" geht nicht zu beseitigen
    Plagegeister aller Art und deren Bekämpfung - 02.08.2013 (7)
  8. Wahrscheinlich was eingefangen. wssetup.exe erscheint beim booten; "freezed" bildschirm
    Plagegeister aller Art und deren Bekämpfung - 12.06.2013 (33)
  9. Startseite "deltasearch.com", wenn Mozilla geöffnet wird
    Log-Analyse und Auswertung - 20.03.2013 (18)
  10. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  11. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  12. "Polizei-Trojaner - österr. Variante" - Ist mein PC wieder "sauber"?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  13. Nicht sicher, ob PC nach "System Fix" Entfernung wieder "sauber"
    Log-Analyse und Auswertung - 07.01.2012 (18)
  14. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  15. Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Alles rund um Windows - 16.04.2011 (0)
  16. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  17. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)

Zum Thema Wahrscheinlich "wieder" Deltasearch - Hallo liebes Trojaner-Board Forum. Dies ist mein erster Post eines Problemes zu dem ich selber nicht in der Lage bin es aus eigener Hand zu lösen. Ich hoffe ich erreiche - Wahrscheinlich "wieder" Deltasearch...
Archiv
Du betrachtest: Wahrscheinlich "wieder" Deltasearch auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.