| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ADWARE/Adware.Gen7 gefunden Was soll ich machen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.06.2013, 13:08
| #1 |
 |  ADWARE/Adware.Gen7 gefunden Was soll ich machen? Hallo, ich habe mir heute ein Programm heruntergeladen (Seite ist mir nicht mehr bekannt) und dabei kam von Avira die Meldung von einem Fund von ADWARE/Adware.Gen7. Ich habe dann ausgewählt das der Zugriff verweigert werden soll. Ich bin mir jetzt unsicher ob ich die adware noch auf dem PC habe bzw. wie ich sie entfernen kann. Ich habe noch einen vollständigen Systemscan mit Avira gemacht aber es wurde nichts gefunden. Als ich meinen PC heruntergefahren haben hat es länger als sonst gedauert bis er aus war. Logfiles sind im Anhang. Ich hoffe Ihr könnt mir helfen. Vielen Dank im Voraus. Mit freundlichen Grüßen Liongamer1 |
|
01.06.2013, 13:18
| #2 |
| /// the machine /// TB-Ausbilder    | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Hi,
__________________Logfiles bitte in den Thread posten.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches OTL Logfile.
__________________ |
|
01.06.2013, 13:28
| #3 |
| | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Hallo,
__________________ich werde die files in 3 Antworten tun da sie zusammen zu lang sind. OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.06.2013 12:44:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 29,67% Memory free 7,98 Gb Paging File | 2,57 Gb Available in Paging File | 32,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,45 Gb Total Space | 50,14 Gb Free Space | 10,98% Space Free | Partition Type: NTFS Drive D: | 456,96 Gb Total Space | 50,80 Gb Free Space | 11,12% Space Free | Partition Type: NTFS Drive E: | 3,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.01 12:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Downloads\OTL.exe PRC - [2013.05.29 16:33:51 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.07 22:24:46 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.05.07 22:24:45 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.05.04 01:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.04.12 20:18:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.12 20:17:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.23 19:16:58 | 001,297,728 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2013.02.23 16:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2010.02.01 20:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.12.25 03:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2009.12.25 03:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe ========== Modules (No Company Name) ========== MOD - [2013.05.04 01:35:30 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.04.24 04:30:08 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.03.28 22:04:04 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_32.dll MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2009.08.11 15:19:04 | 000,797,184 | ---- | M] () -- C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ac3filter.ax ========== Services (SafeList) ========== SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.05.15 18:12:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.07 22:24:46 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.12 20:18:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.12 20:17:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.23 16:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.12.04 10:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.12 20:18:18 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.04.12 20:18:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.12 20:18:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.02.05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360413c806pe435v165w5761u87s IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=hp&fr=linkury-tb&installDate=08/05/2013&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 IE - HKCU\..\URLSearchHook: {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files (x86)\SearchMe Toolbar\IE\7.0\searchmeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {2F0FF6C9-9919-412C-BADB-D07FB4735AE9} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119518&babsrc=SP_ss&mntrId=C8D24487FCD117E3 IE - HKCU\..\SearchScopes\{2F0FF6C9-9919-412C-BADB-D07FB4735AE9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms} IE - HKCU\..\SearchScopes\{58B8EBE9-4F09-4F33-B1E1-F8E6E9773FE1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=230ff68c-ddf4-4c0d-b61d-95edcfaa7efc&apn_sauid=F6FC3C6A-EDB7-4A95-8AB9-C7C1483F6E80 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE531 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=888596" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=hp&fr=linkury-tb&installDate=08/05/2013&type=hp1000" FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.04.16 13:53:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.29 19:43:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.20 11:01:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.20 11:01:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.04.12 20:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions [2013.05.12 19:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Firefox\Profiles\ri8t50b8.default\Extensions [2013.05.11 17:07:56 | 000,002,507 | ---- | M] () -- C:\Users\Leon\AppData\Roaming\mozilla\firefox\profiles\ri8t50b8.default\searchplugins\Web Search.xml [2013.04.12 20:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.16 13:53:02 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll CHR - homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=hp&fr=linkury-tb&installDate=08/05/2013&type=hp1000 CHR - Extension: SiteAdvisor = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (SearchMe Toolbar) - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files (x86)\SearchMe Toolbar\IE\7.0\searchmeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (SearchMe Toolbar) - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files (x86)\SearchMe Toolbar\IE\7.0\searchmeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F037E7A1-FD3B-4EFF-A644-019C59AA830E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.09.30 10:03:16 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ] O32 - AutoRun File - [2005.07.27 14:06:02 | 000,643,072 | R--- | M] (Blue Byte Software, Inc.) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2005.01.13 13:36:06 | 000,000,083 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{341fa3d6-a39a-11e2-957f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{341fa3d6-a39a-11e2-957f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005.07.27 14:06:02 | 000,643,072 | R--- | M] (Blue Byte Software, Inc.) O33 - MountPoints2\{65480a97-b7d1-11e2-bfa4-4487fcd117e3}\Shell - "" = AutoRun O33 - MountPoints2\{65480a97-b7d1-11e2-bfa4-4487fcd117e3}\Shell\AutoRun\command - "" = K:\cdstart.exe O33 - MountPoints2\{9e40a028-c211-11e2-94d8-4487fcd117e3}\Shell - "" = AutoRun O33 - MountPoints2\{9e40a028-c211-11e2-94d8-4487fcd117e3}\Shell\AutoRun\command - "" = L:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.29 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\DIE SIEDLER - DEdK [2013.05.29 19:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013.05.29 19:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013.05.29 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Spotify [2013.05.29 16:33:36 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Spotify [2013.05.21 14:55:09 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\com.amazon.music.uploader [2013.05.21 14:55:05 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\Amazon Music Importer [2013.05.21 14:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2013.05.21 14:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.05.21 14:40:00 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\DVDVideoSoft [2013.05.21 14:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.05.21 14:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.05.20 11:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.18 10:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.14 14:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.05.14 14:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.05.14 14:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.05.14 14:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.05.14 14:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.05.14 14:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.05.14 14:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013.05.14 14:16:13 | 000,000,000 | ---D | C] -- C:\AMD [2013.05.14 14:10:15 | 000,000,000 | ---D | C] -- C:\Users\Leon\Tracing [2013.05.14 14:09:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013.05.14 14:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013.05.14 14:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.05.14 14:08:02 | 000,000,000 | R--D | C] -- C:\Users\Leon\SkyDrive [2013.05.14 14:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.05.14 13:27:26 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.05.13 18:47:46 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\ProtectDISC [2013.05.13 18:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Synetic [2013.05.13 18:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alarm für Cobra 11 - Undercover [2013.05.13 18:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alarm für Cobra 11 - Undercover [2013.05.12 09:49:29 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{E875C875-EF32-4A4F-95F2-05442440A2CB} [2013.05.11 21:48:50 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{F516BFAB-9A09-4E8E-A7DA-9F6544E5018B} [2013.05.11 17:11:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.11 17:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.05.11 17:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.11 17:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.05.11 09:48:11 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{154EE1E2-8ED7-4AC4-A5CA-B5F935DF9F73} [2013.05.10 21:47:36 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{8105502C-7172-4F34-8CF1-554A7AA2A376} [2013.05.10 09:46:52 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{A7EB54BE-8DB8-4E59-90D2-2CB275FC498E} [2013.05.09 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{84CEA951-BB27-477B-B059-4DA7D3FBC74D} [2013.05.09 08:54:20 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{39E4CB2F-3A4E-4EB2-B9C7-B23B75E4CA0F} [2013.05.08 16:36:59 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\DAEMON Tools Lite [2013.05.08 16:36:58 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\OpenCandy [2013.05.08 16:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.05.08 13:25:54 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{D3C881C5-F345-4ADF-9535-6BAC6A84266D} [2013.05.07 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{959DFDCF-B4FB-4818-AA1A-4449359EE446} [2013.05.07 22:25:38 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 16:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2013.05.07 16:40:08 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Canneverbe Limited [2013.05.07 16:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO [2013.05.07 15:06:02 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\WinRAR [2013.05.07 15:06:02 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.07 15:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.07 15:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.05.06 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{E338FB42-BD56-46EE-8075-D08095671CDB} [2013.05.06 17:05:14 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.06 16:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.05.06 16:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.06 16:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.05.06 15:42:47 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{31C78B42-19A7-439C-9B81-CC945F9FC6D1} [2013.05.05 17:06:13 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{38862A18-76A4-4C81-8B30-4DAB64699047} [2013.05.04 17:46:10 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{9E1CF677-1C19-438F-A588-368A48CF4600} [2013.05.03 19:37:50 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{43840F3C-EFB1-4923-A92F-3822C19DAD64} ========== Files - Modified Within 30 Days ========== [2013.06.01 12:42:31 | 000,000,000 | ---- | M] () -- C:\Users\Leon\defogger_reenable [2013.06.01 12:35:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.01 12:12:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.01 10:55:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 10:55:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 10:48:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.01 10:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.01 10:48:04 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys [2013.05.30 18:31:15 | 000,018,882 | ---- | M] () -- C:\Users\Leon\Documents\Physik Strom Kraftwerk.odt [2013.05.28 15:06:17 | 000,013,312 | ---- | M] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.27 18:16:20 | 000,042,701 | ---- | M] () -- C:\Users\Leon\Documents\StPauls.odt [2013.05.25 17:35:38 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.05.24 18:22:25 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.24 18:22:25 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.24 18:22:25 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.24 18:22:25 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.24 18:22:25 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.22 15:03:12 | 000,452,588 | ---- | M] () -- C:\Users\Leon\Documents\WF3.02-app.bin [2013.05.22 15:03:06 | 039,251,968 | ---- | M] () -- C:\Users\Leon\Documents\HD3.02-firmware.bin [2013.05.22 15:03:06 | 000,000,128 | ---- | M] () -- C:\Users\Leon\Documents\settings.in [2013.05.22 15:03:06 | 000,000,078 | ---- | M] () -- C:\Users\Leon\Documents\update.cmd [2013.05.21 15:37:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.21 09:41:59 | 000,014,961 | ---- | M] () -- C:\Users\Leon\Documents\123.wlmp [2013.05.18 10:35:19 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.17 14:29:37 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\0000322A.LCS [2013.05.15 17:39:17 | 000,300,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.13 18:55:36 | 000,001,163 | ---- | M] () -- C:\Users\Leon\Documents\LicenseRequest.html [2013.05.13 18:44:33 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Undercover.lnk [2013.05.10 22:48:29 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI [2013.05.10 18:49:11 | 000,127,794 | ---- | M] () -- C:\Users\Leon\AppData\Local\recently-used.xbel [2013.05.07 22:24:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 16:51:34 | 000,001,696 | ---- | M] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato - Verknüpfung.lnk [2013.05.07 16:50:34 | 1456,562,176 | ---- | M] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato.iso [2013.05.07 16:32:36 | 916,979,708 | ---- | M] () -- C:\Users\Leon\Documents\LS ISO.ima [2013.05.06 17:09:01 | 000,132,119 | ---- | M] () -- C:\Users\Leon\Documents\Beleg.xps [2013.05.06 17:05:14 | 000,000,222 | ---- | M] () -- C:\Users\Leon\Desktop\Cities in Motion 2.url ========== Files Created - No Company Name ========== [2013.06.01 12:42:31 | 000,000,000 | ---- | C] () -- C:\Users\Leon\defogger_reenable [2013.05.29 16:33:51 | 000,001,789 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2013.05.27 18:15:14 | 000,042,701 | ---- | C] () -- C:\Users\Leon\Documents\StPauls.odt [2013.05.22 17:04:51 | 000,452,588 | ---- | C] () -- C:\Users\Leon\Documents\WF3.02-app.bin [2013.05.22 17:04:50 | 039,251,968 | ---- | C] () -- C:\Users\Leon\Documents\HD3.02-firmware.bin [2013.05.22 17:04:50 | 000,000,128 | ---- | C] () -- C:\Users\Leon\Documents\settings.in [2013.05.22 17:04:50 | 000,000,078 | ---- | C] () -- C:\Users\Leon\Documents\update.cmd [2013.05.21 15:37:16 | 000,013,312 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.21 15:37:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.21 14:55:02 | 000,001,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk [2013.05.21 12:46:48 | 000,018,882 | ---- | C] () -- C:\Users\Leon\Documents\Physik Strom Kraftwerk.odt [2013.05.21 09:41:59 | 000,014,961 | ---- | C] () -- C:\Users\Leon\Documents\123.wlmp [2013.05.18 10:35:19 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.14 14:09:36 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2013.05.14 14:09:32 | 000,002,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2013.05.14 13:48:43 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.05.14 13:27:20 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.05.14 13:27:11 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.05.13 18:55:36 | 000,001,163 | ---- | C] () -- C:\Users\Leon\Documents\LicenseRequest.html [2013.05.13 18:47:49 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\0000322A.LCS [2013.05.13 18:44:33 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Undercover.lnk [2013.05.10 18:49:11 | 000,127,794 | ---- | C] () -- C:\Users\Leon\AppData\Local\recently-used.xbel [2013.05.07 16:51:34 | 000,001,696 | ---- | C] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato - Verknüpfung.lnk [2013.05.07 16:48:24 | 1456,562,176 | ---- | C] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato.iso [2013.05.07 16:24:31 | 916,979,708 | ---- | C] () -- C:\Users\Leon\Documents\LS ISO.ima [2013.05.06 17:09:00 | 000,132,119 | ---- | C] () -- C:\Users\Leon\Documents\Beleg.xps [2013.05.06 17:05:14 | 000,000,222 | ---- | C] () -- C:\Users\Leon\Desktop\Cities in Motion 2.url [2013.04.26 22:02:21 | 000,007,604 | ---- | C] () -- C:\Users\Leon\AppData\Local\Resmon.ResmonCfg [2013.04.14 17:43:55 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2013.04.12 20:06:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.04.12 20:01:41 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\Rezip.exe [2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.02.10 16:15:02 | 000,247,920 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll [2013.02.10 16:15:02 | 000,165,160 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll [2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.05.04 09:48:54 | 000,430,080 | ---- | C] ( ) -- C:\Windows\SysWow64\LMADLQ32comc.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.05.12 14:08:18 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.12 20:51:13 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Babylon [2013.05.07 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Canneverbe Limited [2013.05.21 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\com.amazon.music.uploader [2013.05.23 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\DAEMON Tools Lite [2013.05.21 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\DVDVideoSoft [2013.04.12 20:14:05 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\OEM [2013.05.08 16:36:58 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\OpenCandy [2013.04.21 12:20:28 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\OpenOffice.org [2013.05.13 18:47:46 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\ProtectDISC [2013.05.30 14:01:41 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Spotify [2013.04.12 22:35:18 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Thunderbird [2013.04.13 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Wise Auto Shutdown [2013.04.13 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.06.2013 12:44:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 29,67% Memory free
7,98 Gb Paging File | 2,57 Gb Available in Paging File | 32,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,45 Gb Total Space | 50,14 Gb Free Space | 10,98% Space Free | Partition Type: NTFS
Drive D: | 456,96 Gb Total Space | 50,80 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
Drive E: | 3,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12A43C3D-D9D6-45B5-9EAE-797884957227}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C827770-D827-4D8E-B8F1-1ED1ADDEEF12}" = rport=138 | protocol=17 | dir=out | app=system |
"{331EDC02-3718-4E18-860B-1E72C4E64C48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3694EFE5-778C-457F-A1C4-D06B7A129338}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F981B14-4758-4826-A5A5-D88170B1053B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{406DCC85-EAE4-42A9-BC1C-628B86D0C7F5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4477384F-8741-46F1-8B51-59313A18E33D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{486F523D-0DA5-4390-BBA5-CCBE0D653E6D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5743BDAC-B77A-455D-80FD-52D75317FAA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{651CE8AF-B010-481D-B8CC-7768E6E28C16}" = lport=10243 | protocol=6 | dir=in | app=system |
"{78137F1B-4F4F-464C-985F-BE50EC73C049}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E534D99-BF0E-415C-B04E-33A4B6E8CCCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{92B20452-91CE-462D-A685-98C867B96586}" = lport=2869 | protocol=6 | dir=in | app=system |
"{983133BC-48BD-4055-A04D-CA33505ED484}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A39084DE-E4D2-45C7-95F1-361DF6A9F2C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AAC1B168-32F5-4AF5-98B9-7EDD7AC1916C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF6D972E-2C05-4499-9487-708AA36B7363}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFDF6FA9-7427-4DC4-A593-0144D57AF621}" = lport=139 | protocol=6 | dir=in | app=system |
"{C07276C3-19C5-4EA4-9501-9C473849274E}" = lport=138 | protocol=17 | dir=in | app=system |
"{D017A08F-5E5E-4F30-864A-917928215AD3}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9EA4DBE-0C91-47DD-B701-E1309E9EECD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6CCB6F1-BBEC-4A70-A91F-7C48442EEAAC}" = lport=445 | protocol=6 | dir=in | app=system |
"{E83CE910-E7DD-49A0-8885-429EC4F8F294}" = rport=137 | protocol=17 | dir=out | app=system |
"{ECB83F7E-EB4A-4FCA-A53B-450EADC258E3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F8B904A1-B2F6-49E3-B112-123D14E376C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0144CCD1-74A2-4504-A31B-2ADD36A074BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{04B61C71-05EB-4C94-A1B2-7F0DC79FD9C7}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{0CCC9789-3137-4C42-B1F1-182354FE4E49}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{19DB9F1A-AB97-449E-9980-2760713EB3EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1BB9214A-CC85-46A9-A668-DE86CDA19B84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cities in motion 2\cim2.exe |
"{1CAC3219-805A-4890-9B7D-2B53F7A5DAC2}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{2731D2AB-9F50-410D-82BD-28BFA2DA3EBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2C768A6D-A115-40AD-AC78-193B73DB7D1F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2E796372-0606-4D51-ADAA-A3B5BC2FDC32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{35868F45-66F0-4169-8817-295BE6087BB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{393A2676-55DB-455F-8374-AC9AD30AE028}" = protocol=6 | dir=out | app=system |
"{39654033-0A39-4917-9C69-60F651FC3D44}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3AB2EBAD-0A9D-451F-86B2-8EF6792BE38E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cities in motion 2\cim2.exe |
"{3ABC4475-FDF2-4DC5-B6F3-AB909C569D55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{429717E1-C099-4C8A-AFC1-7FB29B2FBCC3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{432454F8-BC0F-42C7-987F-DCE8AFD274EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53AD0756-1CB7-4509-977E-E93048201187}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{560AA234-1719-4D04-9618-36E6129442AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6000398A-D1CA-4828-8517-D24E7AA897C2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6842D035-94FB-44CB-8DB2-096B197ABB25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{699810AB-B04F-4232-AE0A-222BE1BE641C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{71093636-3B95-4AEA-93FD-7F5FE0A08541}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7ACC1559-7698-4C79-A179-1FFB590ACE79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C2236E8-6185-4F8A-B2F9-CD68EA30F5A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2DF0BD7-8555-47E6-849D-7CA8F3812FD8}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{AFEA0972-DE76-4165-B88F-4C21D2A74FDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B392007A-B5DF-4C1D-80D0-8CC121C6AF26}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B959410A-2B9D-46EC-8CF1-3F7688963AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BBCA19BD-38CA-4FCF-A4BC-04024D6F84A5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BCC5BB90-989E-4D01-98AE-93D095E477B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C10C524D-FF46-4B30-A380-C981CC275230}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6DE2B67-1025-444B-9DAB-8BC3537F7917}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C746CFF9-E7E9-4EF9-8ABE-A7F2C2F2C3AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D081D6D6-90F9-458F-82A4-A9C55A5B5E00}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DCE36F54-00C3-45FD-9AAF-C6C9EE5BBBB6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E96CB1D3-1D2E-4BFE-853A-6C19A8F9826F}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{F5F98185-4856-473A-B4DD-CC7A638C5A0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA0ECFA9-A8C9-4E02-B60E-3ADE08AFE955}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{070C37FA-C7B7-4066-B4F7-EE5D9EAA0D9C}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"TCP Query User{38895B09-FD5B-45C1-9FB2-581245185774}C:\users\leon\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\leon\appdata\roaming\spotify\spotify.exe |
"TCP Query User{49DEF350-E966-401E-B131-FC8B51B782FB}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe |
"TCP Query User{6E2570D3-2D0F-4E76-9B75-D6A7D4CC775D}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"TCP Query User{829272F5-59BD-488D-946B-3B39A4D9D2A1}C:\users\leon\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\leon\appdata\roaming\spotify\spotify.exe |
"TCP Query User{B3385DE7-54BD-4837-8642-6F2D7C7E02E1}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe |
"UDP Query User{6856FA83-0EBB-418A-AAC7-0709A2B610E4}C:\users\leon\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\leon\appdata\roaming\spotify\spotify.exe |
"UDP Query User{867F5C66-7349-4A21-9A88-723A635B62A2}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe |
"UDP Query User{943F78F2-147A-4BAC-9AFA-63DBD46D782C}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"UDP Query User{AF435DC4-5EC7-424D-9535-CAD12C07704A}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"UDP Query User{B6CD264A-6B1E-47D0-B4E5-C63CD043C16F}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe |
"UDP Query User{C538EB5E-134E-476E-95A1-9FFF06B1F6CB}C:\users\leon\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\leon\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{153AAB30-B5C5-4B51-8EC7-7B6F0115BE6E}" = SearchMe Toolbar v7.0
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1EFB835F-DD75-48EC-BB3D-1A71CF604457}" = Windows Live Writer
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{22C58DA3-FA02-4DD3-8C5B-23570411E95B}" = Windows Live Writer Resources
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{46710AEB-ACE9-4386-9DFB-8B65153BFA74}" = REALTEK Wireless LAN Driver
"{46BADE08-F9BE-4365-8B91-11FDCE73FF9D}" = Windows Live Family Safety
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8f9d5e25-6d54-4b98-a0fd-c0e10f922788}" = Nero 9 Essentials
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D994879-5A05-2E8A-6D21-321221AFFF32}" = Amazon Music Importer
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D29B0575-C3DE-4746-A893-4FDF0F7D68B2}" = Windows Live Mail
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC5F20C5-C44E-40DE-927C-4C7D7994912F}" = Windows Live Messenger
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alarm für Cobra 11 - Undercover_is1" = Alarm für Cobra 11 - Undercover
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.amazon.music.uploader" = Amazon Music Importer
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 2013
"FSX - Airbus A340-600 Airbus House Colour_is1" = FSX - Airbus A340-600 Airbus House Colour
"FSX - Airbus A340-600 Basepack_is1" = FSX - Airbus A340-600 Basepack
"FSX - Airbus A340-600 EgyptAir_is1" = FSX - Airbus A340-600 EgyptAir
"FSX - Airbus A340-600 FedEx_is1" = FSX - Airbus A340-600 FedEx
"FSX - Airbus A340-600 Iberia_is1" = FSX - Airbus A340-600 Iberia
"FSX - Antonov AN-124_is1" = FSX - Antonov AN-124
"FSX - Antonov AN-225_is1" = FSX - Antonov AN-225
"FSX - Boeing 737-900 Basepack_is1" = FSX - Boeing 737-900 Basepack
"FSX - Boeing 737-900 Continental Airlines_is1" = FSX - Boeing 737-900 Continental Airlines
"FSX - Boeing 747-400LCF Dreamlifter_is1" = FSX - Boeing 747-400LCF Dreamlifter
"FSX - Boeing 767-200 Basepack_is1" = FSX - Boeing 767-200 Basepack
"FSX - Boeing 767-200 US Airways_is1" = FSX - Boeing 767-200 US Airways
"FSX - Boeing 777-300 Basepack_is1" = FSX - Boeing 777-300 Basepack
"FSX - Boeing 777-300 Singapore Airlines_is1" = FSX - Boeing 777-300 Singapore Airlines
"FSX - British Aerospace BAe 146-200 Basepack_is1" = FSX - British Aerospace BAe 146-200 Basepack
"FSX - British Aerospace BAe 146-200 Lufthansa Regional_is1" = FSX - British Aerospace BAe 146-200 Lufthansa Regional
"FSX - British Aerospace BAe 146-200 South African AirLink_is1" = FSX - British Aerospace BAe 146-200 South African AirLink
"FSX - Concorde_is1" = FSX - Concorde
"FSX - de Havilland Dash 8-Q300 Basepack_is1" = FSX - de Havilland Dash 8-Q300 Basepack
"FSX - de Havilland Dash 8-Q300 Lufthansa Regional_is1" = FSX - de Havilland Dash 8-Q300 Lufthansa Regional
"FSX - Embraer ERJ-190 Basepack_is1" = FSX - Embraer ERJ-190 Basepack
"FSX - Embraer ERJ-190 KLM_is1" = FSX - Embraer ERJ-190 KLM
"FSX - McDonnell Douglas MD-11 Basepack_is1" = FSX - McDonnell Douglas MD-11 Basepack
"FSX - McDonnell Douglas MD-11 KLM_is1" = FSX - McDonnell Douglas MD-11 KLM
"Google Chrome" = Google Chrome
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Steam App 225420" = Cities in Motion 2
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Wise Auto Shutdown_is1" = Wise Auto Shutdown 1.13
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.05.2013 03:48:57 | Computer Name = Leon-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 20.05.2013 04:39:06 | Computer Name = Leon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 21.05.2013 09:40:38 | Computer Name = Leon-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1358 Startzeit: 01ce5621bfd85235 Endzeit: 20 Anwendungspfad:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: 027159ba-c21c-11e2-94d8-4487fcd117e3
Error - 22.05.2013 10:29:51 | Computer Name = Leon-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 22.05.2013 11:18:13 | Computer Name = Leon-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 23.05.2013 08:16:56 | Computer Name = Leon-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 24.05.2013 10:30:38 | Computer Name = Leon-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.05.2013 07:05:46 | Computer Name = Leon-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.05.2013 15:32:08 | Computer Name = Leon-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.05.2013 16:45:30 | Computer Name = Leon-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 27.05.2013 11:25:11 | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 08:46:46 | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 14:20:03 | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =
Error - 29.05.2013 02:51:20 | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =
Error - 29.05.2013 12:57:29 | Computer Name = Leon-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht vergrößert werden kann.
Error - 29.05.2013 18:03:48 | Computer Name = Leon-PC | Source = DCOM | ID = 10010
Description =
Error - 29.05.2013 18:04:07 | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =
Error - 30.05.2013 07:42:31 | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =
Error - 30.05.2013 12:23:26 | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =
Error - 30.05.2013 15:15:49 | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =
< End of report >
|
|
01.06.2013, 13:30
| #4 |
| | ADWARE/Adware.Gen7 gefunden Was soll ich machen?Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-01 13:31:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ST6O 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Leon\AppData\Local\Temp\kwldapog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033f2000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800033f202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Steam\Steam.exe[2516] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000074dc549c 5 bytes JMP 0000000100080800
---- Threads - GMER 2.1 ----
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5324] 0000000077032e25
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2484] 00000000770bd692
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4520] 0000000062cfa4bd
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4932] 000000006422dab5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3668] 000000006422dab5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2316] 0000000061114439
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2620] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6120] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3604] 00000000690337b4
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1052] 00000000690337b4
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5856] 00000000690337b4
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5508] 00000000690337b4
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4032] 00000000690337b4
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4828] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2752] 000000006422dab5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1844] 000000007544d864
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5744] 000000006422dab5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3768] 0000000073f027e1
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1784] 000000006422dab5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:688] 0000000061dab9f0
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2232] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1796] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4856] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5636] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1848] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5732] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2880] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3828] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:260] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2608] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4804] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4044] 0000000061dac360
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5320] 0000000061dab9f0
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4232] 000000006422dab5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4224] 000000006250e640
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3452] 000000006422dab5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2984] 000000007660fff8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5572] 00000000769a42ed
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3968] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4744] 0000000067f50d93
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1580] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5228] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3876] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4752] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5340] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1620] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1256] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5336] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2500] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1252] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5492] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3064] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4832] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3836] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4228] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3140] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5564] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6012] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4160] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2368] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5200] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3984] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1404] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5608] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4400] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5548] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5388] 00000000609e1d3f
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1392] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2832] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5468] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5852] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2952] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5400] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3344] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1824] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2672] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5580] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5396] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5620] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5512] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4356] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1248] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4696] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4612] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5816] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2912] 000000005eee78e9
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3912] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1780] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2284] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3672] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2636] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5348] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3664] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5900] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4572] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5532] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4472] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3600] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4476] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4684] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:616] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3744] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5032] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5540] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5972] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1300] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5536] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5928] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5192] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4084] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2268] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2196] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:676] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5660] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1948] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6128] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3360] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:124] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:904] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3952] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3960] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5180] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4944] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3988] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3964] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:372] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:264] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1944] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4024] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:712] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5556] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5360] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4036] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3556] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1232] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6100] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1684] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:948] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4008] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3056] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3904] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5976] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4972] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1468] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4672] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5868] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3852] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5168] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2228] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1056] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3916] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4320] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5480] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4416] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6064] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5524] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3332] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4884] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5664] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5964] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:820] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5500] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4088] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3708] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3736] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5992] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5552] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3336] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:960] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3612] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3812] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4860] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4800] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5220] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3856] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4852] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3292] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3560] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2556] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3928] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:708] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5144] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5208] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3760] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4204] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5420] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1532] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2092] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4644] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3312] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2916] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5676] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6020] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3740] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5568] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4536] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3924] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3324] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2272] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1028] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5784] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1348] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3004] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5980] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3816] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5768] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5280] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5316] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5260] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3776] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2848] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:600] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4152] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5688] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5308] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2920] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5504] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4424] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1140] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2244] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1284] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4136] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4948] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4660] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1104] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5380] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4844] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5872] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2944] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4488] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5448] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5148] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:744] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4516] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3484] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3212] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5804] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6112] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5588] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5656] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5404] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5700] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5720] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5808] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5456] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2988] 0000000077032e25
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5244] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4560] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2824] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5376] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3288] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:752] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3068] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2928] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2800] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4704] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5516] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3956] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4908] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5988] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5596] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5776] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5848] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2188] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2788] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2480] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4888] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:564] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5268] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2160] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4616] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5428] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5176] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2892] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4564] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5048] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4260] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4336] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5780] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5460] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5692] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5284] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4456] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3764] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2236] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:840] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6272] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6320] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6324] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6328] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6332] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6336] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6344] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6396] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6440] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6444] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6448] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6452] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6456] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6464] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6492] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6532] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6564] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6568] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6572] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6576] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6580] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6588] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6632] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6636] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6640] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6644] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6648] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6656] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6684] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6776] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6780] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6784] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6788] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6792] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6800] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6848] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6912] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6916] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6920] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6924] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6928] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6936] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6972] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7012] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7044] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7048] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7052] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7056] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7060] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7068] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7112] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7116] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7120] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7124] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7128] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7140] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6300] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1168] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2184] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6560] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6460] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6424] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6428] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6432] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6480] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6540] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3552] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2132] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5272] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5104] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4480] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4256] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6220] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6600] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6604] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6528] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6620] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5908] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6852] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6872] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6808] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6976] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6932] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6960] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6964] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7016] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3648] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4808] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6904] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6948] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6956] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6968] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6816] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6828] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7032] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7100] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6752] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6748] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4148] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6732] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6736] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6744] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6184] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6364] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6368] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6372] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6180] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6212] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3548] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7156] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2440] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5704] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1716] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:192] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5128] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3572] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7092] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6296] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3684] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6204] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6200] 0000000067f4f007
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6404] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6192] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6172] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6536] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6512] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6468] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6472] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6496] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6500] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5416] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6628] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6552] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6556] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6944] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6764] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6760] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6768] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6236] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7136] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6940] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7000] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5408] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3752] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4004] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4300] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7088] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2300] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6412] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6616] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6992] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6520] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4340] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5736] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3416] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4512] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6516] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6984] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3564] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6156] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4328] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3432] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5040] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3544] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3012] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6252] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6276] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7160] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5796] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3464] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6232] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2860] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6896] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5684] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3208] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:560] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6664] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6692] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6844] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6256] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5952] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1280] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5464] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6176] 000000006b4b3990
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2588] 000000006b4b3b30
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3840] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5632] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:2924] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5748] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6676] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6756] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5024] 000000005eef582c
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6720] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5344] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5612] 0000000068bbbcb8
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6376] 000000005ef9cbbe
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4000] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6864] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6772] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:3052] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5364] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6408] 00000000752412e5
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:1644] 0000000068b05aa3
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6228] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5772] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7868] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:6508] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:4312] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5452] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7264] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:8028] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:5788] 0000000077033e45
Thread C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [4132:7132] 000000007544d864
---- EOF - GMER 2.1 ----
|
|
01.06.2013, 13:37
| #5 |
| /// the machine /// TB-Ausbilder | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Dann jetzt bitte meine Anleitung 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2013, 15:50
| #6 |
| | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Hi, ich habe alle Schritte aus der Anleitung ausgeführt und hier sind die Ergebnisse. Code:
ATTFilter # AdwCleaner v2.301 - Datei am 01/06/2013 um 16:28:53 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Leon - LEON-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Leon\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Application Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\ri8t50b8.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Program Files (x86)\SearchMe Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Leon\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Leon\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Leon\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Leon\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Leon\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\8e8adbe73ee449
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=hp&fr=linkury-tb&installDate=08/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-96fb-43af-b600-8a906f84188a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/05/2013&type=hp1000 --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\ri8t50b8.default\prefs.js
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", true);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.2334] : homepage = "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ab5c490b-9[...]
Gelöscht [l.2339] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&[...]
*************************
AdwCleaner[S1].txt - [22965 octets] - [01/06/2013 16:28:53]
########## EOF - C:\AdwCleaner[S1].txt - [23026 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Leon on 01.06.2013 at 16:32:51,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{58B8EBE9-4F09-4F33-B1E1-F8E6E9773FE1}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{1115C50B-B185-4268-B75D-66066A693142}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{154EE1E2-8ED7-4AC4-A5CA-B5F935DF9F73}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{1DF6902F-1C10-48EB-8718-12CAC1530F24}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{25BA61CA-3CBA-46F7-898C-BB4023CA23E5}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{2D820F0F-76D6-4955-8A3C-C6C1E6E6EA6B}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{31C78B42-19A7-439C-9B81-CC945F9FC6D1}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{38862A18-76A4-4C81-8B30-4DAB64699047}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{39E4CB2F-3A4E-4EB2-B9C7-B23B75E4CA0F}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{43840F3C-EFB1-4923-A92F-3822C19DAD64}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{551374DB-5BF5-4C3C-987F-ECA57AAE0FD9}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{5C9D70D0-FF0A-4415-B3BA-66B2E04409B6}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{6557C9AD-04BE-4318-AFE3-1B21C02BB026}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{6FB776DD-7CDE-4CE7-B5B7-AFD2600E560F}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{7C39C71A-F49E-4CDC-A6D7-04A513EAC834}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{8105502C-7172-4F34-8CF1-554A7AA2A376}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{84CEA951-BB27-477B-B059-4DA7D3FBC74D}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{85CC2746-0EED-4541-A944-C687B0E4E438}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{959DFDCF-B4FB-4818-AA1A-4449359EE446}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{9E1CF677-1C19-438F-A588-368A48CF4600}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{A0B8F3DA-A1DA-408C-B95A-7F20EEA39F67}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{A7EB54BE-8DB8-4E59-90D2-2CB275FC498E}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{C0690D84-EB1B-4A9F-9C6D-5FC5FA43FDCE}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{D3C881C5-F345-4ADF-9535-6BAC6A84266D}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{DA0581B0-CAED-48C4-AB76-2BBCB5F81C85}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{E1954782-59E1-4D0A-83E4-C3A429F4A703}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{E338FB42-BD56-46EE-8075-D08095671CDB}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{E35B1838-87F8-4300-AC42-BCC7AF30A84E}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{E6AA14D3-9C72-4D0C-8F55-1F958BF497E5}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{E7DE1CD9-1353-49E9-ABD9-E0423AABC5A8}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{E875C875-EF32-4A4F-95F2-05442440A2CB}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{E9B50D94-88BE-464D-B0D2-3D6F91943E5F}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{F12678C7-D04A-440F-8D7B-9D0F420B6449}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{F516BFAB-9A09-4E8E-A7DA-9F6544E5018B}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{F9EF7070-BE51-494E-89F4-C4CFD35DA30F}
Successfully deleted: [Empty Folder] C:\Users\Leon\appdata\local\{FB5D3A13-448A-4A3C-ABB5-F285FCEB6CD7}
~~~ FireFox
Successfully deleted: [File] C:\Users\Leon\AppData\Roaming\mozilla\firefox\profiles\ri8t50b8.default\invalidprefs.js
Emptied folder: C:\Users\Leon\AppData\Roaming\mozilla\firefox\profiles\ri8t50b8.default\minidumps [3 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2013 at 16:35:45,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter OTL logfile created on: 01.06.2013 16:38:32 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,77% Memory free 7,98 Gb Paging File | 6,41 Gb Available in Paging File | 80,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,45 Gb Total Space | 51,59 Gb Free Space | 11,30% Space Free | Partition Type: NTFS Drive D: | 456,96 Gb Total Space | 57,26 Gb Free Space | 12,53% Space Free | Partition Type: NTFS Drive E: | 3,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.01 12:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Downloads\OTL.exe PRC - [2013.05.29 16:33:51 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.07 22:24:46 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.05.07 22:24:45 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.12 20:18:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.12 20:17:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.02.01 20:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2009.12.25 03:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2009.12.25 03:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe ========== Modules (No Company Name) ========== MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.05.15 18:12:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.07 22:24:46 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.12 20:18:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.12 20:17:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.04 10:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.12 20:18:18 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.04.12 20:18:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.12 20:18:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.02.05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360413c806pe435v165w5761u87s IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{2F0FF6C9-9919-412C-BADB-D07FB4735AE9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=888596" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.04.16 13:53:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.29 19:43:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.20 11:01:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.20 11:01:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.04.12 20:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions [2013.05.12 19:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Firefox\Profiles\ri8t50b8.default\Extensions [2013.04.12 20:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.16 13:53:02 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - Extension: SiteAdvisor = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F037E7A1-FD3B-4EFF-A644-019C59AA830E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.09.30 10:03:16 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ] O32 - AutoRun File - [2005.07.27 14:06:02 | 000,643,072 | R--- | M] (Blue Byte Software, Inc.) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2005.01.13 13:36:06 | 000,000,083 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{341fa3d6-a39a-11e2-957f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{341fa3d6-a39a-11e2-957f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2005.07.27 14:06:02 | 000,643,072 | R--- | M] (Blue Byte Software, Inc.) O33 - MountPoints2\{65480a97-b7d1-11e2-bfa4-4487fcd117e3}\Shell - "" = AutoRun O33 - MountPoints2\{65480a97-b7d1-11e2-bfa4-4487fcd117e3}\Shell\AutoRun\command - "" = K:\cdstart.exe O33 - MountPoints2\{9e40a028-c211-11e2-94d8-4487fcd117e3}\Shell - "" = AutoRun O33 - MountPoints2\{9e40a028-c211-11e2-94d8-4487fcd117e3}\Shell\AutoRun\command - "" = L:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.01 16:32:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.01 16:32:41 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.01 14:32:03 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Leon\Desktop\JRT.exe [2013.06.01 13:45:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.05.29 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\DIE SIEDLER - DEdK [2013.05.29 19:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013.05.29 19:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013.05.29 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Spotify [2013.05.29 16:33:36 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Spotify [2013.05.21 14:55:09 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\com.amazon.music.uploader [2013.05.21 14:55:05 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\Amazon Music Importer [2013.05.21 14:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2013.05.21 14:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.05.21 14:40:00 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\DVDVideoSoft [2013.05.21 14:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.05.21 14:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.05.20 11:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.18 10:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.14 14:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.05.14 14:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.05.14 14:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.05.14 14:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.05.14 14:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.05.14 14:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.05.14 14:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013.05.14 14:16:13 | 000,000,000 | ---D | C] -- C:\AMD [2013.05.14 14:10:15 | 000,000,000 | ---D | C] -- C:\Users\Leon\Tracing [2013.05.14 14:09:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013.05.14 14:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013.05.14 14:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.05.14 14:08:02 | 000,000,000 | R--D | C] -- C:\Users\Leon\SkyDrive [2013.05.14 14:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.05.14 13:27:26 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.05.13 18:47:46 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\ProtectDISC [2013.05.13 18:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Synetic [2013.05.13 18:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alarm für Cobra 11 - Undercover [2013.05.13 18:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alarm für Cobra 11 - Undercover [2013.05.11 17:11:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.11 17:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.05.11 17:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.11 17:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.05.08 16:36:59 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\DAEMON Tools Lite [2013.05.08 16:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.05.07 22:25:38 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 16:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2013.05.07 16:40:08 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Canneverbe Limited [2013.05.07 16:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO [2013.05.07 15:06:02 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\WinRAR [2013.05.07 15:06:02 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.07 15:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.07 15:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.05.06 17:05:14 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.06 16:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.05.06 16:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.06 16:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam ========== Files - Modified Within 30 Days ========== [2013.06.01 16:38:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 16:38:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 16:35:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.01 16:30:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.01 16:30:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.01 16:30:23 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys [2013.06.01 16:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.01 14:32:31 | 000,632,031 | ---- | M] () -- C:\Users\Leon\Desktop\adwcleaner.exe [2013.06.01 14:32:23 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Leon\Desktop\JRT.exe [2013.06.01 14:03:36 | 000,029,032 | ---- | M] () -- C:\Users\Leon\Desktop\Logfiles.rar [2013.06.01 13:45:10 | 926,160,612 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.01 12:55:56 | 000,377,856 | ---- | M] () -- C:\Users\Leon\Desktop\gmer_2.1.19163.exe [2013.06.01 12:42:31 | 000,000,000 | ---- | M] () -- C:\Users\Leon\defogger_reenable [2013.05.30 18:31:15 | 000,018,882 | ---- | M] () -- C:\Users\Leon\Documents\Physik Strom Kraftwerk.odt [2013.05.28 15:06:17 | 000,013,312 | ---- | M] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.27 18:16:20 | 000,042,701 | ---- | M] () -- C:\Users\Leon\Documents\StPauls.odt [2013.05.25 17:35:38 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.05.24 18:22:25 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.24 18:22:25 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.24 18:22:25 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.24 18:22:25 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.24 18:22:25 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.22 15:03:12 | 000,452,588 | ---- | M] () -- C:\Users\Leon\Documents\WF3.02-app.bin [2013.05.22 15:03:06 | 039,251,968 | ---- | M] () -- C:\Users\Leon\Documents\HD3.02-firmware.bin [2013.05.22 15:03:06 | 000,000,128 | ---- | M] () -- C:\Users\Leon\Documents\settings.in [2013.05.22 15:03:06 | 000,000,078 | ---- | M] () -- C:\Users\Leon\Documents\update.cmd [2013.05.21 15:37:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.21 09:41:59 | 000,014,961 | ---- | M] () -- C:\Users\Leon\Documents\123.wlmp [2013.05.18 10:35:19 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.17 14:29:37 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\0000322A.LCS [2013.05.15 17:39:17 | 000,300,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.13 18:55:36 | 000,001,163 | ---- | M] () -- C:\Users\Leon\Documents\LicenseRequest.html [2013.05.13 18:44:33 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Undercover.lnk [2013.05.10 22:48:29 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI [2013.05.10 18:49:11 | 000,127,794 | ---- | M] () -- C:\Users\Leon\AppData\Local\recently-used.xbel [2013.05.07 22:24:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 16:51:34 | 000,001,696 | ---- | M] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato - Verknüpfung.lnk [2013.05.07 16:50:34 | 1456,562,176 | ---- | M] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato.iso [2013.05.07 16:32:36 | 916,979,708 | ---- | M] () -- C:\Users\Leon\Documents\LS ISO.ima [2013.05.06 17:09:01 | 000,132,119 | ---- | M] () -- C:\Users\Leon\Documents\Beleg.xps [2013.05.06 17:05:14 | 000,000,222 | ---- | M] () -- C:\Users\Leon\Desktop\Cities in Motion 2.url ========== Files Created - No Company Name ========== [2013.06.01 14:32:23 | 000,632,031 | ---- | C] () -- C:\Users\Leon\Desktop\adwcleaner.exe [2013.06.01 14:03:36 | 000,029,032 | ---- | C] () -- C:\Users\Leon\Desktop\Logfiles.rar [2013.06.01 13:45:10 | 926,160,612 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.06.01 12:55:53 | 000,377,856 | ---- | C] () -- C:\Users\Leon\Desktop\gmer_2.1.19163.exe [2013.06.01 12:42:31 | 000,000,000 | ---- | C] () -- C:\Users\Leon\defogger_reenable [2013.05.29 16:33:51 | 000,001,789 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2013.05.27 18:15:14 | 000,042,701 | ---- | C] () -- C:\Users\Leon\Documents\StPauls.odt [2013.05.22 17:04:51 | 000,452,588 | ---- | C] () -- C:\Users\Leon\Documents\WF3.02-app.bin [2013.05.22 17:04:50 | 039,251,968 | ---- | C] () -- C:\Users\Leon\Documents\HD3.02-firmware.bin [2013.05.22 17:04:50 | 000,000,128 | ---- | C] () -- C:\Users\Leon\Documents\settings.in [2013.05.22 17:04:50 | 000,000,078 | ---- | C] () -- C:\Users\Leon\Documents\update.cmd [2013.05.21 15:37:16 | 000,013,312 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.21 15:37:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.21 14:55:02 | 000,001,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk [2013.05.21 12:46:48 | 000,018,882 | ---- | C] () -- C:\Users\Leon\Documents\Physik Strom Kraftwerk.odt [2013.05.21 09:41:59 | 000,014,961 | ---- | C] () -- C:\Users\Leon\Documents\123.wlmp [2013.05.18 10:35:19 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.14 14:09:36 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2013.05.14 14:09:32 | 000,002,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2013.05.14 13:48:43 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.05.14 13:27:20 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.05.14 13:27:11 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.05.13 18:55:36 | 000,001,163 | ---- | C] () -- C:\Users\Leon\Documents\LicenseRequest.html [2013.05.13 18:47:49 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\0000322A.LCS [2013.05.13 18:44:33 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Undercover.lnk [2013.05.10 18:49:11 | 000,127,794 | ---- | C] () -- C:\Users\Leon\AppData\Local\recently-used.xbel [2013.05.07 16:51:34 | 000,001,696 | ---- | C] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato - Verknüpfung.lnk [2013.05.07 16:48:24 | 1456,562,176 | ---- | C] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato.iso [2013.05.07 16:24:31 | 916,979,708 | ---- | C] () -- C:\Users\Leon\Documents\LS ISO.ima [2013.05.06 17:09:00 | 000,132,119 | ---- | C] () -- C:\Users\Leon\Documents\Beleg.xps [2013.05.06 17:05:14 | 000,000,222 | ---- | C] () -- C:\Users\Leon\Desktop\Cities in Motion 2.url [2013.04.26 22:02:21 | 000,007,604 | ---- | C] () -- C:\Users\Leon\AppData\Local\Resmon.ResmonCfg [2013.04.14 17:43:55 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2013.04.12 20:06:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.04.12 20:01:41 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\Rezip.exe [2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.02.10 16:15:02 | 000,247,920 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll [2013.02.10 16:15:02 | 000,165,160 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll [2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.05.04 09:48:54 | 000,430,080 | ---- | C] ( ) -- C:\Windows\SysWow64\LMADLQ32comc.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.05.12 14:08:18 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.07 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Canneverbe Limited [2013.05.21 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\com.amazon.music.uploader [2013.05.23 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\DAEMON Tools Lite [2013.05.21 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\DVDVideoSoft [2013.04.12 20:14:05 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\OEM [2013.04.21 12:20:28 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\OpenOffice.org [2013.05.13 18:47:46 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\ProtectDISC [2013.05.30 14:01:41 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Spotify [2013.04.12 22:35:18 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Thunderbird [2013.04.13 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Wise Auto Shutdown [2013.04.13 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > |
|
01.06.2013, 15:52
| #7 |
| /// the machine /// TB-Ausbilder | ADWARE/Adware.Gen7 gefunden Was soll ich machen?ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2013, 17:27
| #8 |
| | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Hi, hier ist das Logfile vom ESET Online Scanner. SecurityCheck folgt. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=213b5c74b7f3e24cb4b4be422fc92a9a
# engine=13969
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-01 04:22:33
# local_time=2013-06-01 06:22:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 5358 4313123 0 0
# compatibility_mode=5893 16776573 100 94 5958 121733603 0 0
# scanned=233299
# found=1
# cleaned=0
# scan_time=5096
sh=1B718976416A10716064C62A169DD67C9917B3BF ft=1 fh=cce52a77058ea345 vn="a variant of Win32/Adware.iBryte.H application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4088192312-551125036-4071077776-1001\$R9PAUQI.exe"
das kam beim Security Check heraus. Ich weiß nicht ob da was falsch ist. Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
|
|
01.06.2013, 17:44
| #9 |
| /// the machine /// TB-Ausbilder | ADWARE/Adware.Gen7 gefunden Was soll ich machen?Fixen mit OTL
Code:
ATTFilter :files
C:\$Recycle.Bin
Und ein frisches OTL logfile bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2013, 17:46
| #10 |
| | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Hi, an welcher Stelle soll ich den Benutzernamen nicht unkentlich machen? Gruß Liongamer1 |
|
01.06.2013, 17:50
| #11 |
| /// the machine /// TB-Ausbilder | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Das sind allgemeine Anweisungen, falls im Fix eine Zeile steht wo Du das gemacht hast. Hier kannste das ignorieren
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2013, 17:55
| #12 |
| | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Hi, hier sind die Logfiles. Code:
ATTFilter ========== FILES ==========
C:\$Recycle.Bin\S-1-5-21-4088192312-551125036-4071077776-1001 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-3420001990-3890712676-3236286940-500 folder moved successfully.
C:\$Recycle.Bin\S-1-5-20 folder moved successfully.
C:\$Recycle.Bin folder moved successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 06012013_184827
Code:
ATTFilter OTL logfile created on: 01.06.2013 18:49:02 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 71,64% Memory free 7,98 Gb Paging File | 6,55 Gb Available in Paging File | 82,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,45 Gb Total Space | 62,04 Gb Free Space | 13,59% Space Free | Partition Type: NTFS Drive D: | 456,96 Gb Total Space | 81,72 Gb Free Space | 17,88% Space Free | Partition Type: NTFS Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.01 12:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Downloads\OTL.exe PRC - [2013.05.29 16:33:51 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.07 22:24:46 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.05.07 22:24:45 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.12 20:18:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.12 20:17:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.02.01 20:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.12.25 03:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2009.12.25 03:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe ========== Modules (No Company Name) ========== MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.05.15 18:12:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.07 22:24:46 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.12 20:18:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.12 20:17:56 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.04 10:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.12 20:18:18 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.04.12 20:18:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.12 20:18:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.02.05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360413c806pe435v165w5761u87s IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{2F0FF6C9-9919-412C-BADB-D07FB4735AE9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=888596" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.04.16 13:53:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.29 19:43:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.20 11:01:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.20 11:01:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.04.12 20:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions [2013.05.12 19:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Firefox\Profiles\ri8t50b8.default\Extensions [2013.04.12 20:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.16 13:53:02 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: SiteAdvisor = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F037E7A1-FD3B-4EFF-A644-019C59AA830E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{65480a97-b7d1-11e2-bfa4-4487fcd117e3}\Shell - "" = AutoRun O33 - MountPoints2\{65480a97-b7d1-11e2-bfa4-4487fcd117e3}\Shell\AutoRun\command - "" = K:\cdstart.exe O33 - MountPoints2\{9e40a028-c211-11e2-94d8-4487fcd117e3}\Shell - "" = AutoRun O33 - MountPoints2\{9e40a028-c211-11e2-94d8-4487fcd117e3}\Shell\AutoRun\command - "" = L:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.01 18:48:27 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.01 17:37:28 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\ADware Problem [2013.06.01 16:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.06.01 16:32:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.01 16:32:41 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.01 13:45:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.05.29 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\DIE SIEDLER - DEdK [2013.05.29 19:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013.05.29 19:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013.05.29 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Spotify [2013.05.29 16:33:36 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Spotify [2013.05.21 14:55:09 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\com.amazon.music.uploader [2013.05.21 14:55:05 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\Amazon Music Importer [2013.05.21 14:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2013.05.21 14:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.05.21 14:40:00 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\DVDVideoSoft [2013.05.21 14:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.05.21 14:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.05.20 11:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.18 10:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.18 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.14 14:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.05.14 14:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.05.14 14:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.05.14 14:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.05.14 14:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.05.14 14:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.05.14 14:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013.05.14 14:16:13 | 000,000,000 | ---D | C] -- C:\AMD [2013.05.14 14:10:15 | 000,000,000 | ---D | C] -- C:\Users\Leon\Tracing [2013.05.14 14:09:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013.05.14 14:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013.05.14 14:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.05.14 14:08:02 | 000,000,000 | R--D | C] -- C:\Users\Leon\SkyDrive [2013.05.14 14:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.05.14 13:27:26 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.05.13 18:47:46 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\ProtectDISC [2013.05.13 18:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Synetic [2013.05.13 18:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alarm für Cobra 11 - Undercover [2013.05.13 18:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alarm für Cobra 11 - Undercover [2013.05.11 17:11:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.11 17:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.05.11 17:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.11 17:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.05.08 16:36:59 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\DAEMON Tools Lite [2013.05.08 16:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.05.07 22:25:38 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 16:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2013.05.07 16:40:08 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Canneverbe Limited [2013.05.07 16:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO [2013.05.07 15:06:02 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\WinRAR [2013.05.07 15:06:02 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.07 15:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.07 15:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.05.06 17:05:14 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.06 16:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.05.06 16:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.06 16:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam ========== Files - Modified Within 30 Days ========== [2013.06.01 18:48:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 18:48:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 18:41:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.01 18:41:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.01 18:40:56 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys [2013.06.01 18:35:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.01 18:12:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.01 13:45:10 | 926,160,612 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.01 12:42:31 | 000,000,000 | ---- | M] () -- C:\Users\Leon\defogger_reenable [2013.05.30 18:31:15 | 000,018,882 | ---- | M] () -- C:\Users\Leon\Documents\Physik Strom Kraftwerk.odt [2013.05.28 15:06:17 | 000,013,312 | ---- | M] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.27 18:16:20 | 000,042,701 | ---- | M] () -- C:\Users\Leon\Documents\StPauls.odt [2013.05.25 17:35:38 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.05.24 18:22:25 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.24 18:22:25 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.24 18:22:25 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.24 18:22:25 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.24 18:22:25 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.22 15:03:12 | 000,452,588 | ---- | M] () -- C:\Users\Leon\Documents\WF3.02-app.bin [2013.05.22 15:03:06 | 039,251,968 | ---- | M] () -- C:\Users\Leon\Documents\HD3.02-firmware.bin [2013.05.22 15:03:06 | 000,000,128 | ---- | M] () -- C:\Users\Leon\Documents\settings.in [2013.05.22 15:03:06 | 000,000,078 | ---- | M] () -- C:\Users\Leon\Documents\update.cmd [2013.05.21 15:37:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.21 09:41:59 | 000,014,961 | ---- | M] () -- C:\Users\Leon\Documents\123.wlmp [2013.05.18 10:35:19 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.17 14:29:37 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\0000322A.LCS [2013.05.15 17:39:17 | 000,300,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.13 18:55:36 | 000,001,163 | ---- | M] () -- C:\Users\Leon\Documents\LicenseRequest.html [2013.05.13 18:44:33 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Undercover.lnk [2013.05.10 22:48:29 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI [2013.05.10 18:49:11 | 000,127,794 | ---- | M] () -- C:\Users\Leon\AppData\Local\recently-used.xbel [2013.05.07 22:24:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 16:51:34 | 000,001,696 | ---- | M] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato - Verknüpfung.lnk [2013.05.07 16:50:34 | 1456,562,176 | ---- | M] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato.iso [2013.05.07 16:32:36 | 916,979,708 | ---- | M] () -- C:\Users\Leon\Documents\LS ISO.ima [2013.05.06 17:09:01 | 000,132,119 | ---- | M] () -- C:\Users\Leon\Documents\Beleg.xps [2013.05.06 17:05:14 | 000,000,222 | ---- | M] () -- C:\Users\Leon\Desktop\Cities in Motion 2.url ========== Files Created - No Company Name ========== [2013.06.01 13:45:10 | 926,160,612 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.06.01 12:42:31 | 000,000,000 | ---- | C] () -- C:\Users\Leon\defogger_reenable [2013.05.29 16:33:51 | 000,001,789 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2013.05.27 18:15:14 | 000,042,701 | ---- | C] () -- C:\Users\Leon\Documents\StPauls.odt [2013.05.22 17:04:51 | 000,452,588 | ---- | C] () -- C:\Users\Leon\Documents\WF3.02-app.bin [2013.05.22 17:04:50 | 039,251,968 | ---- | C] () -- C:\Users\Leon\Documents\HD3.02-firmware.bin [2013.05.22 17:04:50 | 000,000,128 | ---- | C] () -- C:\Users\Leon\Documents\settings.in [2013.05.22 17:04:50 | 000,000,078 | ---- | C] () -- C:\Users\Leon\Documents\update.cmd [2013.05.21 15:37:16 | 000,013,312 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.21 15:37:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.21 14:55:02 | 000,001,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk [2013.05.21 12:46:48 | 000,018,882 | ---- | C] () -- C:\Users\Leon\Documents\Physik Strom Kraftwerk.odt [2013.05.21 09:41:59 | 000,014,961 | ---- | C] () -- C:\Users\Leon\Documents\123.wlmp [2013.05.18 10:35:19 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.14 14:09:36 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2013.05.14 14:09:32 | 000,002,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2013.05.14 13:48:43 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.05.14 13:27:20 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.05.14 13:27:11 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.05.13 18:55:36 | 000,001,163 | ---- | C] () -- C:\Users\Leon\Documents\LicenseRequest.html [2013.05.13 18:47:49 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\0000322A.LCS [2013.05.13 18:44:33 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Undercover.lnk [2013.05.10 18:49:11 | 000,127,794 | ---- | C] () -- C:\Users\Leon\AppData\Local\recently-used.xbel [2013.05.07 16:51:34 | 000,001,696 | ---- | C] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato - Verknüpfung.lnk [2013.05.07 16:48:24 | 1456,562,176 | ---- | C] () -- C:\Users\Leon\Documents\Landwirtschauftssimulato.iso [2013.05.07 16:24:31 | 916,979,708 | ---- | C] () -- C:\Users\Leon\Documents\LS ISO.ima [2013.05.06 17:09:00 | 000,132,119 | ---- | C] () -- C:\Users\Leon\Documents\Beleg.xps [2013.05.06 17:05:14 | 000,000,222 | ---- | C] () -- C:\Users\Leon\Desktop\Cities in Motion 2.url [2013.04.26 22:02:21 | 000,007,604 | ---- | C] () -- C:\Users\Leon\AppData\Local\Resmon.ResmonCfg [2013.04.14 17:43:55 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2013.04.12 20:06:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.04.12 20:01:41 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\Rezip.exe [2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.02.10 16:15:02 | 000,247,920 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll [2013.02.10 16:15:02 | 000,165,160 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll [2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.05.04 09:48:54 | 000,430,080 | ---- | C] ( ) -- C:\Windows\SysWow64\LMADLQ32comc.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.05.12 14:08:18 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.07 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Canneverbe Limited [2013.05.21 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\com.amazon.music.uploader [2013.05.23 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\DAEMON Tools Lite [2013.05.21 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\DVDVideoSoft [2013.04.12 20:14:05 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\OEM [2013.04.21 12:20:28 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\OpenOffice.org [2013.05.13 18:47:46 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\ProtectDISC [2013.05.30 14:01:41 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Spotify [2013.04.12 22:35:18 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Thunderbird [2013.04.13 23:44:09 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Wise Auto Shutdown [2013.04.13 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > Liongamer1 |
|
01.06.2013, 18:11
| #13 |
| /// the machine /// TB-Ausbilder | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Wie läuft die Kiste?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2013, 18:17
| #14 |
| | ADWARE/Adware.Gen7 gefunden Was soll ich machen? eigentlich ganz normal. Ist jetzt alles beseitigt? Gruß Liongamer1 |
|
01.06.2013, 18:26
| #15 |
| /// the machine /// TB-Ausbilder | ADWARE/Adware.Gen7 gefunden Was soll ich machen? Ist es Die Reihenfolge ist hier entscheidend.
Falls Du Lob/Kritik loswerden möchtest: http://www.trojaner-board.de/lob-kritik-wuensche/ Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu ADWARE/Adware.Gen7 gefunden Was soll ich machen? |
| adware, adware/adware.gen, adware/adware.gen7, avira, entferne, entfernen, fund, gamer, gefunde, heute, hilfe benötigt, hoffe, länger, löschen, malware / spyware, meldung, nicht mehr, nichts, programm, seite, systemscan, unsicher, verweigert, vollständige, was soll ich machen, zugriff, zugriff verweigert |
Textbox. 
Linear-Darstellung
