Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malware - Bundestrojaner ?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.08.2012, 21:14   #1
.Shiraka
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Hallo !

Mir ist aufgefallen, das mein PC irgendwie immer langsamer geworden ist. Dazu hat er dann immer mal wieder rumgespackt und ich fragte mich nur wieso. Dann bin ich durch Zufall im Taskmanager auf den Prozess "tbhcn.exe" gestoßen.
Da ich nicht wusste was das für ein Prozess ist, habe ich mal ein bisschen Google benutzt.
Das einzige was ich aber wirklich aus Google entnehmen konnte, war, dass es evtl Malware sein könnte.

Nun bin ich wie folgt vorgegangen:
CCleaner drüber laufen lassen & Cache etc. löschen lassen.
avast! Free Antivirus (mein Virenprogramm) einen Quick Scan durchführen lassen (ohne Erfolg, nix gefunden)
Malwarebytes heruntergeladen und Quick Scan gemacht.

Nun, Malwarebytes hat bei mir 39 infizierte Objekte gefunden, darunter sind einige Registry Dateien.
Da ich nun allerdings nicht weiß, wie ich weiter vorgehen sollte, wende ich mich an euch und hoffe mal auf Hilfe.

Pfad von der tbhcn.exe ist dieser:
C:\Users\****\AppData\Roaming\BrowserCompanion

Log Datei von Malwarebytes enthält das hier:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: *****-PC [Administrator]

Schutz: Aktiviert

26.08.2012 22:00:32
mbam-log-2012-08-26 (22-09-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217304
Laufzeit: 2 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 11
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)
         
Da ich kein wirklicher PC experte bin, würde ich mich sehr freuen wenn ihr nicht in einem Fachchinesisch antwortet

Danke im Voraus !

Mit freundlichen Grüßen,
Shiraka

Alt 27.08.2012, 02:59   #2
t'john
/// Helfer-Team
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.


Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 27.08.2012, 13:47   #3
.Shiraka
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: *****-PC [Administrator]

Schutz: Aktiviert

27.08.2012 13:51:51
mbam-log-2012-08-27 (14-40-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|J:\|K:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401852
Laufzeit: 45 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 18
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\*****\Desktop\Eigener Server\2011er Client\metin2.bin (Backdoor.Hupigon) -> Keine Aktion durchgeführt.
C:\Users\*****\Desktop\GTASanAndreas\pztrain.exe (Malware.Gen) -> Keine Aktion durchgeführt.
C:\Users\*****\Desktop\Neuer Ordner\LOIC.exe (PUP.HackTool.LOIC) -> Keine Aktion durchgeführt.
C:\Users\*****\Desktop\RoA2\metin2client.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\*****\Downloads\Exen\fileextractor py downloader.exe (Adware.Solimba) -> Keine Aktion durchgeführt.
C:\Users\*****\Downloads\Switchbotv3_0_0_5\core\switchbot.dll (Malware.Gen) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)
         
OTL.txt:
ist als Anhang dabei, weil mein Post mehr als 120.000 Zeichen enthielt..

Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 27.08.2012 14:15:22 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,98 Gb Total Physical Memory | 8,43 Gb Available Physical Memory | 70,38% Memory free
23,96 Gb Paging File | 20,14 Gb Available in Paging File | 84,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,45 Gb Total Space | 707,92 Gb Free Space | 76,83% Space Free | Partition Type: NTFS
Drive D: | 921,47 Gb Total Space | 906,20 Gb Free Space | 98,34% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F0F0B7-F936-444E-B221-F828A1CCDFC7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{063B3CF7-A2BB-413E-B66E-72FBCC3D7DA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{073D493B-4E35-4EE2-856B-24033A741A42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1768C322-EBA0-48C5-9699-CE9B7C62B098}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4DDE5696-ABD8-41B6-9FBA-1312D7281692}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{511F24A3-97BF-4887-9E04-0F8524D93E9D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{51BC3A08-8C95-4931-91CE-D14485AC5195}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5DF04EC7-2E03-4C97-9F53-849590037E58}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5EDDED6C-A445-4213-ADC2-0FF2B6181923}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6404343F-95CF-46F5-98CE-3323F7846492}" = lport=137 | protocol=17 | dir=in | app=system | 
"{66743F54-A7BD-45FA-BF54-F56087014832}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{6ACB750E-0F43-4581-A58B-1EA44534DA6A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74057D59-ADD1-4886-879B-27A6C16E8364}" = rport=138 | protocol=17 | dir=out | app=system | 
"{781B37F2-FC55-4C93-AF69-126A393ABC2F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7F2C8699-A022-45C4-9E29-043154C493D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9226F23B-048E-48C2-AB67-4A80F982D200}" = lport=12000 | protocol=6 | dir=in | app=system | 
"{95B2E2B5-2946-4674-BD98-CE3E7DF3B18E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A4BB1E18-4B27-4874-841F-FA4449A0F3CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A97A360A-6617-4F08-9F6B-896FF71DF908}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB858533-380D-4D5D-8CC8-2BD4700B865C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ADAFE70B-6862-4091-852B-3CD9959F4ED5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B4F679F6-50FE-494C-B8F3-B4649387263C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D535BBA2-5EC9-40AE-A69D-ECC23516A5E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8683A82-40F8-43D3-94CF-C44C008ED95E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F5AE5BFF-A20A-41D5-9499-87591852F92E}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0023F398-A42F-40E3-BFAD-F10B2EC89948}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{007D1173-FCC9-4AC9-999C-4E860E3D0456}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{06920DCB-FF32-47F3-9BFA-B01F48D25DC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shiraka1\team fortress 2\hl2.exe | 
"{0A3EBAC0-D325-41EE-9960-318EB20496A9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{10151FE0-6C76-42AF-B8C9-386E535C5640}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{158757EB-912F-49AA-8B7D-23A770A78609}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{15B8134C-00F3-4B97-BF47-F107746A91E4}" = protocol=17 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\azuria-client\azuria-clientstarter.exe | 
"{17534351-1252-47AB-A1CB-80E2069B2C8F}" = protocol=17 | dir=in | app=c:\users\*****\desktop\eigener server\2011er client\metin2.bin | 
"{17AFA177-7229-44B7-8CDF-CA422D2FBBFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xfasanx\team fortress 2\hl2.exe | 
"{19B5601A-C827-48C7-ABC6-17E11A7BDD36}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{19DF54BE-5E86-4184-BDED-DC8CC66A5CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\premiumsoft\navicat premium 8.2\navicat.exe | 
"{1F1D39E7-5D20-4B7A-877C-6DD8EF5D0167}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{20A536A8-CCE9-4BB6-AFE4-8A9193B54B8A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\clmsservice.exe | 
"{24A0E91B-8640-4956-A2AA-9F95F2A894B7}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"{2935DB6B-0354-4902-9DB9-88C1659E9455}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shiraka1\team fortress 2\hl2.exe | 
"{2CE258BD-537D-41E1-810D-7D4DE488D623}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FEF447B-356E-43D3-B65D-6A0DD0F52762}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{305F75E2-7B67-47E5-8B6E-4B1BB384E364}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{31E16F46-570D-4D7E-B6B7-0E0337AFDFA2}" = protocol=17 | dir=in | app=c:\users\*****\downloads\azuriamt2\azuria-client\azuria-clientstarter.exe | 
"{32C6D925-6819-41CE-B4FA-25634B54A6C2}" = protocol=6 | dir=in | app=c:\users\*****\desktop\exposion2\metin2client.exe | 
"{35A5C8BF-3726-484E-AC1E-A06B6A2D6C89}" = protocol=58 | dir=in | app=system | 
"{3652598F-D799-42D4-AF08-3E578A81CF3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{366FECC3-CE53-47E9-823C-D57F6EB37C29}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{370BAF4D-F215-4B55-88C4-94D23964F33F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the elder scrolls v skyrim - full trailer\smp.exe | 
"{3CB32603-21AF-4B25-8F00-434900F9703E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E2B6327-950D-480E-81C2-8A2169431C2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xfasanx\team fortress 2\hl2.exe | 
"{3EB5E685-5A4C-438F-8C2A-6F369899CCF6}" = protocol=17 | dir=in | app=c:\users\*****\desktop\cythosia\cythosia-mt2.exe | 
"{410A5D2A-A17C-48D3-9CF4-1A4CBC6E620D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{424C94AE-6CAF-4536-AD30-FF508B1AB111}" = protocol=6 | dir=in | app=c:\users\*****\desktop\eigener server\2011er client\metin2.bin | 
"{4429C46B-025F-442F-94F7-A3BEB04B30F7}" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"{48D44EF3-B4A8-4A8F-81D7-545777B61355}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4ADE79A3-A669-43F8-B754-03685D72D146}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{4AEBB110-0D47-4691-BEE6-5B98216821B4}" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"{4B9072C7-68A4-4B49-86F9-A8C119A9B92D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{4DCAD14B-E8E1-45A2-88B0-1C888D2EC69F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{4F0CB4BE-EFFD-4441-9148-6E93F6AA0E02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the elder scrolls v skyrim - full trailer\smp.exe | 
"{5412F817-6861-4826-B4A1-F12BE0EC277E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{5C2D0BF7-1563-43AE-9571-86907EFF9F48}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{5F0D4D05-A5AA-4B6D-81BE-36208F1C8A61}" = protocol=6 | dir=in | app=c:\users\*****\desktop\anessia2 client\metin2client.bin | 
"{605FF484-962A-46E2-AAE5-4AFBDCB0E7EA}" = protocol=17 | dir=in | app=c:\users\*****\downloads\azuriaclient\azuria-client\azuria-client\azuria-clientstarter.exe | 
"{64804B58-76B0-461D-83EB-AFC91736ADDC}" = protocol=6 | dir=in | app=c:\users\*****\desktop\anessia2\metin2client.bin | 
"{650B2649-B206-4DDD-BADF-0771720E566C}" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
"{67544472-1F05-4141-B584-AE471392D8EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B34BB99-897F-4DA3-9604-BAB65E0E37B1}" = protocol=6 | dir=in | app=c:\users\*****\desktop\roa2\metin2client.exe | 
"{6BA2216C-5962-4B42-B7AD-A2FCD3CCFB67}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{6D725F65-E66E-4E3C-B1E4-35FD143EE634}" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"{6E22FCD9-A612-4D84-95FA-035C2EB6BF13}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{6FD029FC-6515-4585-BADC-D6B2B23DA136}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{71DFE4F7-37B6-4E30-B96B-FBBCF755BA61}" = protocol=6 | dir=in | app=c:\users\*****\downloads\azuriamt2\azuria-client\azuria-clientstarter.exe | 
"{73C29CA7-C97C-4B3F-B968-646F6CC45AB3}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{73D207F9-57B5-4388-BDA6-9F0A891DE26A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe | 
"{753480EA-CC26-413C-A5E5-08191BC0E822}" = protocol=6 | dir=in | app=c:\users\*****\downloads\azuriaclient\azuria-client\azuria-client\azuria-clientstarter.exe | 
"{78488567-5346-44F4-89D9-F59CEB10B3F9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{7DFED01A-D21A-4EB7-B986-EC354D730ED4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7ED62041-6DFA-482E-A6D1-B110B9D29F21}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7F2831E6-AD86-4896-8D94-15F5FFEE6FB5}" = protocol=6 | dir=out | app=system | 
"{7F9D19D4-AD47-40DC-BDC1-B9AFE17FAD64}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{80D6EFB6-80E1-4356-8496-B66C5DCF5ACC}" = protocol=17 | dir=in | app=c:\users\*****\desktop\roa2\metin2.bin | 
"{81B60811-1CAB-4783-AD61-A963042E6E83}" = protocol=17 | dir=in | app=c:\users\*****\desktop\cythosia3\cythosia-mt2.exe | 
"{85C1202A-83A6-4E14-8911-CF7D28EA2F2E}" = protocol=6 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\azuria-client\azuria-clientstarter.exe | 
"{8657D6AC-F543-4494-8159-31348088623B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | 
"{8BA543F3-3EB4-487C-AD38-520179F7295F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{9087108A-8A71-472D-AAB5-08D262A6493C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{90CD0285-DF65-42AB-B4FF-895C363B3519}" = protocol=6 | dir=in | app=c:\users\*****\desktop\cythosia\cythosia-mt2.exe | 
"{92DDB011-AD17-4606-ABFE-D7135FA80A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"{92F7C86A-A9E5-4103-8CD7-777BBC3CFF4B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{94524F17-8BBE-407D-9907-5BF4F1E03672}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{99AC5A4A-FF37-435E-83CA-9863ECF72ED5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9EC1866D-96BD-46D2-A686-7BCA1731D8DD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A418F8EF-6243-4353-B0E2-D66BB688E430}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A564DCE8-CE87-4189-B23A-15B1A421B074}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{A5B94DFE-1C1D-46DB-B653-E9B5F88C2635}" = protocol=6 | dir=in | app=c:\users\*****\desktop\azuria-client\azuria-clientstarter.exe | 
"{A6CE54B2-EA18-46D5-B90D-3F94F6D40382}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{AC620A70-2224-43EE-A376-2B37AC7963B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe | 
"{AC630C7C-E149-4847-89A8-8FD2FDA1F530}" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"{AFF0465F-506E-4C0C-AE35-97645B965326}" = protocol=17 | dir=in | app=c:\program files (x86)\premiumsoft\navicat premium 8.2\navicat.exe | 
"{B070EF25-AD59-4A12-9925-F6C029D6DFB7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{B2F89C0E-A967-4A16-B571-660079D8B4D9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B3AC0B7B-DA27-4E03-B507-DEB235D20FAD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B8610AB7-AEBF-4885-9B90-FC6003A6205A}" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"{C0B2F2DD-61A8-4DE1-B5FD-BA0C2BB600C2}" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
"{C387A2AB-7083-4CD3-838A-98145768D329}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6FDE8C4-95D8-430E-9F2A-7A13F82F834A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{C8EFB3AB-E0AE-4D3D-A461-47CABB2667A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{CBE5EB2D-E430-43E4-8E91-1F015108282A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CC781D13-42BA-49DE-8A78-6B610CD27445}" = protocol=17 | dir=in | app=c:\users\*****\desktop\azuria-client\azuria-clientstarter.exe | 
"{D0F9204B-ADC0-4E6C-867D-094CC8B8FD0D}" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"{D7FFA102-43FF-44C1-B45F-EF12E51FEC60}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\playmovie.exe | 
"{D804C38C-A228-4981-8BFF-2141A0AB5BBD}" = protocol=17 | dir=in | app=c:\users\*****\desktop\eigener server\portmap\portmap.exe | 
"{E11DF2E6-7406-42DD-B537-9130712C8BCF}" = protocol=6 | dir=in | app=c:\users\*****\desktop\roa2\metin2.bin | 
"{E3653896-080B-415A-B460-9E1D70ED0980}" = protocol=17 | dir=in | app=c:\users\*****\desktop\anessia2 client\metin2client.bin | 
"{E5123DAA-3C93-4129-83A3-8B981C3EC1E0}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{E548DB7D-D73F-453A-BD87-CB7D95F8F437}" = protocol=6 | dir=in | app=c:\users\*****\desktop\cythosia3\cythosia-mt2.exe | 
"{E6659E68-28A6-406F-A091-B4AE5A964BE2}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{E6BEECF9-5273-4B7C-90C3-A799F0A25C6C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{EAC6DFD2-E99A-4CCB-989C-2A980F10FB39}" = protocol=17 | dir=in | app=c:\users\*****\desktop\anessia2\metin2client.bin | 
"{EBAD684D-B8D9-45C3-9548-3EE9579D608E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{ED1FE5AE-4C82-4EFB-BCA1-D8F0A6408C11}" = protocol=17 | dir=in | app=c:\users\*****\desktop\exposion2\metin2client.exe | 
"{EE8646B3-0F05-4E5F-9FB4-52A68750F952}" = protocol=6 | dir=in | app=c:\users\*****\desktop\eigener server\portmap\portmap.exe | 
"{F02F466A-B174-4424-AB09-E365AB56B018}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F07BFE6E-5FD5-43F0-9EE8-80A835D53A23}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{FA94A988-E5BE-4577-85B3-9E58CA5442A5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FAE5E586-8C28-4C9C-9ABE-DC56E0884D29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FB2A86BF-AE4C-403D-B6A2-D411DCF7BE2D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FD8C1548-B747-4E01-A2AA-3D50CA2AB3C7}" = protocol=17 | dir=in | app=c:\users\*****\desktop\roa2\metin2client.exe | 
"TCP Query User{0270ED91-D0A8-4F94-BB5D-60391503F43E}C:\users\*****\desktop\exposion2\metin2client.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\exposion2\metin2client.exe | 
"TCP Query User{07DB0F6E-6FFD-4277-BB12-8C6E9D9F7D90}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{0AA7558F-7325-4934-B6D6-BF2C372A6DA7}C:\users\*****\desktop\exposion2\metin2.bin" = protocol=6 | dir=in | app=c:\users\*****\desktop\exposion2\metin2.bin | 
"TCP Query User{13853C1B-E696-449A-8DB7-1BC4F1E1498E}C:\users\*****\desktop\metin2 privat-server\defconworld2 client\clientcore.bin" = protocol=6 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\defconworld2 client\clientcore.bin | 
"TCP Query User{23F43540-CB12-4768-BC6A-A18BD0B3678D}C:\program files (x86)\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"TCP Query User{24DB8C03-8FAA-45C0-ADF7-8B918DBB33FF}C:\users\*****\desktop\metin2 privat-server\azuria-client\azuria-clientstarter.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\azuria-client\azuria-clientstarter.exe | 
"TCP Query User{2A000798-D85E-4D34-9914-1283B70CEC4B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{35C824ED-C0EB-4C14-B902-E3D88FDFBC4F}C:\users\*****\desktop\roa2\metin2client.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\roa2\metin2client.exe | 
"TCP Query User{3F4DDEF4-B2E8-48B2-96FE-1129FA149BC9}C:\program files (x86)\steam\steamapps\xfasanx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xfasanx\team fortress 2\hl2.exe | 
"TCP Query User{458B599C-00B2-4B54-9FA1-85C5D2DD1C9C}C:\users\*****\desktop\anessia2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\*****\desktop\anessia2\metin2client.bin | 
"TCP Query User{49CD3717-6564-4217-BC6D-71B6630B6BE1}C:\users\*****\downloads\azuriaclient\azuria-client\azuria-client\azuria-clientstarter.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\azuriaclient\azuria-client\azuria-client\azuria-clientstarter.exe | 
"TCP Query User{54F6A39C-8069-4FE5-8AFA-65A056DFB89A}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"TCP Query User{5A4226BD-15AC-4A41-973B-2BAA34AC92F7}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
"TCP Query User{68CBC3E2-BB84-42D5-91E3-893A1E3DA4DC}C:\users\*****\desktop\azuria-client\azuria-clientstarter.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\azuria-client\azuria-clientstarter.exe | 
"TCP Query User{713E264D-6C95-470B-BBB4-5A495B1A3169}C:\users\*****\desktop\metin2 privat-server\heaven2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\heaven2\metin2client.bin | 
"TCP Query User{79740800-81EB-4BA9-AE72-7FBCFCA00C12}C:\users\*****\desktop\metin2 privat-server\defconworld2 client\clientcore.bin" = protocol=6 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\defconworld2 client\clientcore.bin | 
"TCP Query User{7C0B501E-2A89-48C5-A6FD-947FB2BA1AB9}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{7F4255CE-5802-4A32-B5E4-A3B0A0E636C9}C:\users\*****\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{880A3ABE-0B74-4E00-9036-D8A224D543A7}C:\Program Files (x86)\Steam\steamapps\shiraka1\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shiraka1\team fortress 2\hl2.exe | 
"TCP Query User{94FD0BC0-59E3-4DAF-9804-4A0A330E2CA3}C:\users\*****\desktop\metin2 privat-server\heaven2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\heaven2\metin2client.bin | 
"TCP Query User{97DC942D-F9B7-4FE4-BC49-E784433B808A}C:\users\*****\desktop\cythoisa\cythosia-mt2.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\cythoisa\cythosia-mt2.exe | 
"TCP Query User{A0CF9F35-AF9C-4C40-956A-8914A163609D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{C4217320-3F9C-4679-9848-E2BE7427FEA6}C:\users\*****\desktop\roa2\metin2.bin" = protocol=6 | dir=in | app=c:\users\*****\desktop\roa2\metin2.bin | 
"TCP Query User{C54B18AC-C87B-43B0-BA9E-9450A80CCD58}C:\users\*****\desktop\cythosia\cythosia-mt2.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\cythosia\cythosia-mt2.exe | 
"TCP Query User{CA3AD788-942C-42CD-A1C6-5E55B81F418B}C:\users\*****\desktop\anessia2 client\metin2client.bin" = protocol=6 | dir=in | app=c:\users\*****\desktop\anessia2 client\metin2client.bin | 
"TCP Query User{CF4CC4AD-E394-4D96-B2FC-1F03C12C8B5E}C:\users\*****\desktop\cythosia3\cythosia-mt2.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\cythosia3\cythosia-mt2.exe | 
"TCP Query User{D9C8D7A4-4772-4ABF-85D4-A00970ACD026}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{DB603585-A049-445C-BC6F-2DB29E4ED27F}C:\users\*****\desktop\eigener server\2011er client\metin2.bin" = protocol=6 | dir=in | app=c:\users\*****\desktop\eigener server\2011er client\metin2.bin | 
"TCP Query User{E09ED1CE-2D45-4418-8688-F6E806F6BFA1}C:\users\*****\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{EF269AFC-3988-4EA6-962F-E41C8B7A9087}C:\users\*****\desktop\eigener server\portmap\portmap.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\eigener server\portmap\portmap.exe | 
"TCP Query User{F4488A77-155E-4482-8417-28FB0072ADFA}C:\program files (x86)\premiumsoft\navicat premium 8.2\navicat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\premiumsoft\navicat premium 8.2\navicat.exe | 
"TCP Query User{FB8BBFAE-AC28-460A-A24D-FBFF079A031D}C:\users\*****\downloads\azuriamt2\azuria-client\azuria-clientstarter.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\azuriamt2\azuria-client\azuria-clientstarter.exe | 
"UDP Query User{03F77563-E38C-4A95-B8D7-2D2884722D9C}C:\Program Files (x86)\Steam\steamapps\shiraka1\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shiraka1\team fortress 2\hl2.exe | 
"UDP Query User{0ABBC8F4-2760-4100-AEF9-3B57E8A81C5D}C:\users\*****\desktop\cythoisa\cythosia-mt2.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\cythoisa\cythosia-mt2.exe | 
"UDP Query User{0EE9F0F8-7628-421F-BF97-BE626B8C60CF}C:\users\*****\desktop\anessia2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\*****\desktop\anessia2\metin2client.bin | 
"UDP Query User{145F0811-DAE8-4600-A1AB-AEA5D2BAA97C}C:\program files (x86)\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"UDP Query User{1D98FA91-8612-4BDA-8F0A-C4550B0966F8}C:\users\*****\downloads\azuriaclient\azuria-client\azuria-client\azuria-clientstarter.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\azuriaclient\azuria-client\azuria-client\azuria-clientstarter.exe | 
"UDP Query User{245462E6-DB6D-4328-8576-AA31321EF6E3}C:\users\*****\desktop\metin2 privat-server\defconworld2 client\clientcore.bin" = protocol=17 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\defconworld2 client\clientcore.bin | 
"UDP Query User{28503707-4893-4DA9-ABDF-7D3A7E2DC14B}C:\users\*****\desktop\metin2 privat-server\heaven2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\heaven2\metin2client.bin | 
"UDP Query User{31893D76-D053-4A13-A83A-AF38BDE7322C}C:\program files (x86)\premiumsoft\navicat premium 8.2\navicat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\premiumsoft\navicat premium 8.2\navicat.exe | 
"UDP Query User{3872E24E-2179-405D-9E95-F4D973D8B402}C:\users\*****\desktop\cythosia\cythosia-mt2.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\cythosia\cythosia-mt2.exe | 
"UDP Query User{42D07B8C-AC16-4020-8C25-223AD78A2319}C:\users\*****\desktop\anessia2 client\metin2client.bin" = protocol=17 | dir=in | app=c:\users\*****\desktop\anessia2 client\metin2client.bin | 
"UDP Query User{47A760ED-0963-4FB9-9A93-D43D73A1B2E2}C:\users\*****\desktop\eigener server\2011er client\metin2.bin" = protocol=17 | dir=in | app=c:\users\*****\desktop\eigener server\2011er client\metin2.bin | 
"UDP Query User{4842B046-A5F9-4AA4-A604-1B68369B7416}C:\users\*****\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{4CB8A39D-12B6-412F-81B7-EA74F7B035C1}C:\program files (x86)\steam\steamapps\xfasanx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xfasanx\team fortress 2\hl2.exe | 
"UDP Query User{79FCD37A-AEF3-4D30-97D8-5C63D7E88AE6}C:\users\*****\desktop\azuria-client\azuria-clientstarter.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\azuria-client\azuria-clientstarter.exe | 
"UDP Query User{7CBFE86A-80C4-4751-867E-A85F5B48693D}C:\users\*****\downloads\azuriamt2\azuria-client\azuria-clientstarter.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\azuriamt2\azuria-client\azuria-clientstarter.exe | 
"UDP Query User{85E52328-9EE9-4178-BCD9-250CE7F83D76}C:\users\*****\desktop\exposion2\metin2client.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\exposion2\metin2client.exe | 
"UDP Query User{884813E4-9E56-4785-8982-E733A18F8601}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{89209DE3-BEDD-4394-83E0-D587C03E4941}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{8CA80782-75B4-44BD-8250-2A87A103BC38}C:\users\*****\desktop\cythosia3\cythosia-mt2.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\cythosia3\cythosia-mt2.exe | 
"UDP Query User{8E7986D6-8B06-42C6-8C8D-4C75714CC600}C:\users\*****\desktop\roa2\metin2client.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\roa2\metin2client.exe | 
"UDP Query User{8EA8AA13-8C83-41A1-A656-08A9C1EFD8D1}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{974D1F89-FC1A-4E6E-84DF-A0594D1E90DC}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
"UDP Query User{B294DD31-F95B-4364-BAF8-A71F87AEAC44}C:\users\*****\desktop\metin2 privat-server\heaven2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\heaven2\metin2client.bin | 
"UDP Query User{B8382CAC-9F94-4D88-87C4-C96DFA838A59}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{B9F96B9A-E781-4883-BFE2-A2E3F2862851}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"UDP Query User{C77462BE-7A78-48CE-99D0-2E72D38BCB23}C:\users\*****\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{C933E242-23E2-4743-9A60-CDB6E9070A24}C:\users\*****\desktop\metin2 privat-server\defconworld2 client\clientcore.bin" = protocol=17 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\defconworld2 client\clientcore.bin | 
"UDP Query User{CC5838F9-1F0E-4A0F-994A-CE8B09CF76B7}C:\users\*****\desktop\roa2\metin2.bin" = protocol=17 | dir=in | app=c:\users\*****\desktop\roa2\metin2.bin | 
"UDP Query User{CE0AE212-65B4-481A-9174-9BE59800661F}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{CE8F0162-D54F-49FC-9A8B-801BF28D7CE6}C:\users\*****\desktop\metin2 privat-server\azuria-client\azuria-clientstarter.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\metin2 privat-server\azuria-client\azuria-clientstarter.exe | 
"UDP Query User{CED0C199-578C-4804-826A-291EC4D5EC92}C:\users\*****\desktop\exposion2\metin2.bin" = protocol=17 | dir=in | app=c:\users\*****\desktop\exposion2\metin2.bin | 
"UDP Query User{D62FB6B8-5E43-4951-A24F-7AE148B66134}C:\users\*****\desktop\eigener server\portmap\portmap.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\eigener server\portmap\portmap.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0102A21-5ED9-11E1-958C-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D9DF0B85-BEC1-439F-ABFE-76C386A69A05}" = Oracle VM VirtualBox 4.1.12
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.19
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{0844CC2A-512E-4BA1-872B-02887E7A2672}" = FILSHtray
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = ???? Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" =  clear.fi 
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{21F221E8-5997-4F37-962E-44E5B4DED7E3}" = Aeria Ignite
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37126D87-E4FD-4614-B908-A0BB7ECE3992}" = clear.fi
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = ??????????? ?? Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4C774C35-E0AF-72E1-136A-2BF666702268}" = Fooz Kids
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta uslugi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = ?????????? Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = ????? Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotograf Galerisi
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = S?????? f?t???af??? t?? Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii uslugi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = ?????? ??????? ?? Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = ???????? ?????????? Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8E37C4F-DE01-4286-AFB6-9FBEC8265A1A}" =  clear.fi 
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live ????
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live ???
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = ???? ??? Windows Live
"{FC18AB8F-9BA3-423B-91F2-622990F57978}" = Nero 11
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.9.1511" = Aeria Ignite
"avast" = avast! Free Antivirus
"Browser Defender_is1" = Browser Guard 4.0
"BrowserCompanion" = BrowserCompanion
"FileZilla Client" = FileZilla Client 3.5.3
"FoozKids" = Fooz Kids
"Fraps" = Fraps (remove only)
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}" = clear.fi
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Metin2_is1" = Metin2
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Orbit_is1" = Orbit Downloader
"PowerISO" = PowerISO
"PremiumSoft Navicat Premium 8.2_is1" = PremiumSoft Navicat Premium 8.2
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 102700" = Alliance of Valiant Arms
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"UBCD4Win_is1" = UBCD4Win 3.60
"VLC media player" = VLC media player 2.0.1
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.0 (64-bit)
"WolfTeam-DE" = WolfTeam-DE
"WTA-01825c2a-e41b-4f56-9dac-8d99d5b2ad06" = Torchlight
"WTA-13d50d78-eee8-42a4-b45c-de532db35f74" = Jewel Match 3
"WTA-19621073-9568-4010-b000-fff8f23138d4" = Insaniquarium Deluxe
"WTA-239ca5b9-66db-40e2-8483-6ca244d41f21" = Final Drive: Nitro
"WTA-3d3faf4d-2623-487b-8409-f504d9049cf7" = Polar Bowler
"WTA-5ea5c84b-16a4-45eb-b69e-cda787120a66" = Crazy Chicken Kart 2
"WTA-6567d0ca-fb7e-4d01-89d1-cc4ff1d08e3a" = Zuma Deluxe
"WTA-708f58b0-87e7-424d-9572-113f2c2042e8" = Wedding Dash
"WTA-726a9568-2af4-4772-a716-6241e24fb83e" = Mystery of Mortlake Mansion
"WTA-758db433-de59-4691-b939-6c76b8164b4f" = Agatha Christie - Death on the Nile
"WTA-87769a15-6d59-44cf-a558-aae638cf6217" = Penguins!
"WTA-902e2c2d-fcbb-4358-bfe0-717cb825ab05" = John Deere Drive Green
"WTA-9e7adc4f-9102-4ab9-88cb-822119acd476" = Slingo Deluxe
"WTA-9fc580e5-8702-43ec-81ba-9bbd6a64a3bc" = Virtual Villagers 4 - The Tree of Life
"WTA-d7bb18fe-4890-4101-bb6f-ca631dbb0332" = FATE
"WTA-db330f75-89a1-4d2f-a31b-40214bd996d8" = Plants vs. Zombies - Game of the Year
"WTA-eb4508b4-101e-4fd3-98a4-d8a85e62e467" = Bejeweled 2 Deluxe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 00:13:42 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Acer\screensaver\run_Acer.exe".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.07.2012 00:13:42 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Acer\screensaver\VistaGetS3S4Reg.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.07.2012 13:11:00 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Screensaver\VistaGetS3S4Reg.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.07.2012 13:28:18 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Screensaver\VistaGetS3S4Reg.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.07.2012 08:40:27 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2012 09:10:09 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Screensaver\VistaGetS3S4Reg.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.07.2012 09:19:10 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Acer\screensaver\run_Acer.exe".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.07.2012 09:19:10 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\Acer\screensaver\VistaGetS3S4Reg.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.07.2012 17:01:53 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Screensaver\VistaGetS3S4Reg.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.07.2012 09:18:09 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.08.2012 15:33:03 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
Error - 26.08.2012 15:33:55 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
Error - 26.08.2012 15:33:55 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
Error - 26.08.2012 15:34:29 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
Error - 26.08.2012 15:34:29 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
Error - 26.08.2012 15:35:01 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
Error - 26.08.2012 15:35:02 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
Error - 26.08.2012 15:35:33 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
Error - 26.08.2012 15:36:31 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
Error - 26.08.2012 15:36:46 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
 
 
< End of report >
         

Ich habe überall meinen Namen durch Sternchen ersetzt, denke das geht wohl in Ordnung, oder ?

Und noch was, bisher habe ich noch nichts gelöscht bzw in die Quarantäne verschieben lassen, da ja unter anderem auch Registrierungsschlüssel gefunden wurden, diese möchte ich ungern löschen wenn ich nicht weiß, ob sie dem PC Schaden zufügen könnten.

MfG
__________________

Alt 27.08.2012, 18:48   #4
t'john
/// Helfer-Team
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
ATTFilter
:OTL
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found 
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3457412842-26015573-672747881-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
IE - HKU\S-1-5-21-3457412842-26015573-672747881-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
IE - HKU\S-1-5-21-3457412842-26015573-672747881-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-3457412842-26015573-672747881-1000\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = http://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} 
IE - HKU\S-1-5-21-3457412842-26015573-672747881-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb143/?search={searchTerms}&loc=IB_DS&a=6R8tdtBtZm&i=26 
IE - HKU\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local; 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.05.17 22:51:59 | 000,000,000 | ---D | M] 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.05.17 22:51:59 | 000,000,000 | ---D | M] 
CHR - Extension: Web Assistant = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0\ 
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () 
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) 
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () 
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) 
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () 
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () 
O3 - HKU\S-1-5-21-3457412842-26015573-672747881-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O3 - HKU\S-1-5-21-3457412842-26015573-672747881-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () 
O4 - HKU\S-1-5-21-3457412842-26015573-672747881-1000..\Run: [Akamai NetSession Interface] C:\Users\*****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-21-3457412842-26015573-672747881-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) 
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) 
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{32b368d2-8597-11e1-9d2e-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{32b368d2-8597-11e1-9d2e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\pushinst.exe 
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 
[2012.08.25 15:34:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:DFC5A2B2 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 
[2012.08.08 21:20:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\BrowserCompanion 
[2012.08.08 21:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserCompanion 
[2012.08.02 03:34:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A9DE3722-0E33-4DDA-A0C2-F008F69E08FD} 

:Files

C:\Users\*****\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\*****\AppData\Local\Temp\*.exe
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.08.2012, 19:12   #5
.Shiraka
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Alles gemacht wie beschrieben, hier die Log-File:

Code:
ATTFilter
All processes killed
========== OTL ==========
Error: No service named avast! Firewall was found to stop!
Unable to delete service\driver key avast! Firewall.
File  C:\Program Files\AVAST Software\Avast\afwServ.exe File not found not found.
Service Web Assistant Updater stopped successfully!
Service Web Assistant Updater deleted successfully!
C:\Programme\Web Assistant\ExtensionUpdaterService.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll moved successfully.
HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKU\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Program Files\Web Assistant\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Web Assistant\Firefox\defaults folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\skin folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome folder moved successfully.
C:\Program Files\Web Assistant\Firefox folder moved successfully.
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0\resources folder moved successfully.
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0\libraries folder moved successfully.
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0 folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Programme\Web Assistant\Extension64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully.
C:\Program Files (x86)\BrowserCompanion\jsloader.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
C:\Programme\Web Assistant\Extension32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ deleted successfully.
C:\Program Files (x86)\Orbitdownloader\GrabPro.dll moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
File C:\Program Files (x86)\Orbitdownloader\GrabPro.dll not found.
Registry value HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll not found.
Registry value HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ deleted successfully.
C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3457412842-26015573-672747881-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ deleted successfully.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ deleted successfully.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32b368d2-8597-11e1-9d2e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b368d2-8597-11e1-9d2e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32b368d2-8597-11e1-9d2e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b368d2-8597-11e1-9d2e-806e6f6e6963}\ not found.
File F:\pushinst.exe not found.
C:\Windows\SysWow64\shoDC5E.tmp deleted successfully.
C:\Windows\SysWOW64\config.nt moved successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
C:\Users\Jan\AppData\Roaming\BrowserCompanion folder moved successfully.
C:\Program Files (x86)\BrowserCompanion folder moved successfully.
C:\Users\Jan\AppData\Local\{A9DE3722-0E33-4DDA-A0C2-F008F69E08FD} folder moved successfully.
========== FILES ==========
C:\Users\Jan\AppData\Local\{8F0BE507-938B-47A4-A70F-C53327C80C62} folder moved successfully.
C:\Users\Jan\AppData\Local\{D30FE551-EC0A-4DB8-8DA4-4C3C54A7431E} folder moved successfully.
C:\Users\Jan\AppData\Local\{DA81387A-1BA5-4C46-A799-03401064809E} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{E8E37C4F-DE01-4286-AFB6-9FBEC8265A1A} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{37126D87-E4FD-4614-B908-A0BB7ECE3992} folder moved successfully.
C:\ProgramData\Temp\{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
C:\Users\Jan\AppData\Local\Temp\i4jdel0.exe moved successfully.
C:\Users\Jan\AppData\Local\Temp\nvStInst.exe moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Jan\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jan
->Temp folder emptied: 30572083 bytes
->Temporary Internet Files folder emptied: 5647502 bytes
->FireFox cache emptied: 171910334 bytes
->Google Chrome cache emptied: 183405155 bytes
->Flash cache emptied: 89916 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42740 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67966 bytes
RecycleBin emptied: 7335456 bytes
 
Total Files Cleaned = 381,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 08272012_200343

Files\Folders moved on Reboot...
C:\Users\Jan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


Alt 28.08.2012, 15:36   #6
t'john
/// Helfer-Team
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Malware - Bundestrojaner ?

Alt 28.08.2012, 16:36   #7
.Shiraka
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Der Rechner läuft die meiste Zeit ganz gut, manchmal braucht er aber immernoch ziemlich lange um irgendwas zu öffnen :/
Habe bei Malwarebytes wieder nichts gelöscht, da wieder Regitsry Schlüssel dabei waren und ich mir da nie so sicher bin..

Malwarebytes Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

Schutz: Deaktiviert

28.08.2012 16:54:23
mbam-log-2012-08-28 (17-35-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|J:\|K:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401193
Laufzeit: 38 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\Jan\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Jan\Desktop\Eigener Server\2011er Client\metin2.bin (Backdoor.Hupigon) -> Keine Aktion durchgeführt.
C:\Users\Jan\Desktop\GTASanAndreas\pztrain.exe (Malware.Gen) -> Keine Aktion durchgeführt.
C:\Users\Jan\Desktop\Neuer Ordner\LOIC.exe (PUP.HackTool.LOIC) -> Keine Aktion durchgeführt.
C:\Users\Jan\Desktop\RoA2\metin2client.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Jan\Downloads\Exen\fileextractor py downloader.exe (Adware.Solimba) -> Keine Aktion durchgeführt.
C:\Users\Jan\Downloads\Switchbotv3_0_0_5\core\switchbot.dll (Malware.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
AdwCleaner Log:

Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/28/2012 at 16:54:58
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jan - JAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\Jan\AppData\LocalLow\bbrs_002.tb
Folder Found : C:\Users\Jan\AppData\LocalLow\Toolbar4
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files\Web Assistant
Folder Found : C:\Program Files (x86)\IMinent toolbar
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\Users\Jan\AppData\Local\Software
File Found : C:\user.js

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\BrowserCompanion
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[x64] Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Classes\I
[x64] Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
[x64] Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
[x64] Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
[x64] Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[x64] Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[x64] Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
[x64] Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
[x64] Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
[x64] Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
[x64] Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
[x64] Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\ohdinofp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :          "urls_to_restore_on_startup": [ "hxxp://search.iminent.com/" ]
Found :       "urls_to_restore_on_startup": [ "hxxp://search.iminent.com/" ]

*************************

AdwCleaner[R1].txt - [35664 octets] - [28/08/2012 16:54:58]

########## EOF - C:\AdwCleaner[R1].txt - [35793 octets] ##########
         
MfG

Alt 29.08.2012, 01:15   #8
t'john
/// Helfer-Team
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html


----------------------------
PUP.Blabbers
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
HKCR\tdataprotocol.CTData.1
HKCR\tdataprotocol.CTData
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
C:\Users\Jan\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe
Backdoor.Hupigon
C:\Users\Jan\Desktop\Eigener Server\2011er Client\metin2.bin
Malware.Gen
C:\Users\Jan\Desktop\GTASanAndreas\pztrain.exe
C:\Users\Jan\Downloads\Switchbotv3_0_0_5\core\switchbot.dll
PUP.HackTool.LOIC
C:\Users\Jan\Desktop\Neuer Ordner\LOIC.exe
RiskWare.Tool.CK
C:\Users\Jan\Desktop\RoA2\metin2client.exe
Adware.Solimba
C:\Users\Jan\Downloads\Exen\fileextractor py downloader.exe
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.08.2012, 16:01   #9
.Shiraka
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



AdwCleaner Log:

Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/29/2012 at 16:11:25
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jan - JAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Jan\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Jan\AppData\LocalLow\Toolbar4
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files (x86)\IMinent toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Users\Jan\AppData\Local\Software
File Deleted : C:\user.js

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\ohdinofp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :          "urls_to_restore_on_startup": [ "hxxp://search.iminent.com/" ]
Deleted :       "urls_to_restore_on_startup": [ "hxxp://search.iminent.com/" ]

*************************

AdwCleaner[R1].txt - [35423 octets] - [28/08/2012 16:54:58]
AdwCleaner[R2].txt - [35484 octets] - [29/08/2012 16:10:49]
AdwCleaner[S1].txt - [27894 octets] - [29/08/2012 16:11:25]

########## EOF - C:\AdwCleaner[S1].txt - [28023 octets] ##########
         
Emisoft Anti-Malware Log:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.08.2012 16:21:20

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	29.08.2012 16:21:54

C:\Users\Jan\Downloads\Unpublished\PickUp-Bot (Vista & 7).dll 	gefunden: Flooder.Win32.SpamBot!E2
C:\Users\Jan\Downloads\Rar Datein\Der Gerät is back.rar -> Der Ger„t is back.exe 	gefunden: Trojan-Downloader.Win32.Agent!E2
C:\Users\Jan\Downloads\Switchbotv3_0_0_5\Switchbotv3.exe 	gefunden: Trojan.Win32.Agent.AMN!E1
C:\Users\Jan\Downloads\Switchbotv3_0_0_5\Switchbotv3 - alter Injector.exe 	gefunden: Riskware.PSWTool.Win32.PWDump.AMN!E1
C:\Users\Jan\Downloads\Rar Datein\patcher.zip -> patcher.exe 	gefunden: Trojan.Crypt!E2
C:\Users\Jan\Downloads\Rar Datein\Metin2 Multibot 1.8.8 by Slait (1).rar -> 64-Bit\Metin2 Multibot 1.8.8 by Slait.dll 	gefunden: Trojan-Dropper.Win32.Dapato!E2
C:\Users\Jan\Downloads\Rar Datein\Metin2 Multibot 1.8.8 by Slait (1).rar -> 32-Bit\Metin2 Multibot 1.8.8 by Slait.dll 	gefunden: Trojan-Dropper.Win32.Dapato!E2
C:\Users\Jan\Downloads\Rar Datein\Switchbotv3_0_0_4.rar -> Switchbotv3_0_0_4\core\core6.dll 	gefunden: Trojan.Win32.Spy!E2
C:\Users\Jan\Downloads\Exen\Tools by Unpublished.exe -> PickUp-Bot (Vista & 7).dll 	gefunden: Flooder.Win32.SpamBot!E2
C:\Users\Jan\Downloads\Exen\Tools by Unpublished.exe -> PickUp-Bot (XP).dll 	gefunden: Flooder.Win32.SpamBot!E2
C:\Users\Jan\Downloads\Exen\Tools by Unpublished.exe -> Spam-Bot (Vista & 7).dll 	gefunden: Flooder.Win32.SpamBot!E2
C:\Users\Jan\Downloads\Exen\Tools by Unpublished.exe -> Spam-Bot (XP).dll 	gefunden: Flooder.Win32.SpamBot!E2
C:\Users\Jan\Downloads\AzuriaClient\Azuria-Client\Azuria-Client\Azuria-ClientStarter.exe 	gefunden: Trojan.Offend!E2
C:\Users\Jan\Desktop\Neuer Ordner (2)\Drunkenloader.rar -> Drunkenloader\DrunkenLoader.exe 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Neuer Ordner (2)\Drunkenloader\DrunkenLoader.zip -> DrunkenLoader.exe 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Neuer Ordner (2)\Drunkenloader\DrunkenLoader.exe 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Neuer Ordner (2)\Drunkenloader.rar -> Drunkenloader\DrunkenLoader.zip -> DrunkenLoader.exe 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Neuer Ordner (2)\Drunkenloader.rar -> Drunkenloader\DrunkenLoader.zip 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Neuer Ordner\LOIC.exe 	gefunden: HackTool.MSIL.Loic.AMN!E1
C:\Users\Jan\Desktop\Neuer Ordner\Hoic2.1.zip -> Hoic\hoic2.1.exe 	gefunden: not-a-virus.Hacktool.HOIC!E2
C:\Users\Jan\Desktop\GTASanAndreas\pztrain.exe 	gefunden: Adware.Win32.TrainerGTA!E1
C:\Users\Jan\Desktop\Eigener Server\Rar-Datein\Antasia2 - Client - Extract.rar -> Antasia2.exe 	gefunden: Trojan.Win32.Genome!E2
C:\Users\Jan\Desktop\Eigener Server\Rar-Datein\Portmap.rar -> Portmap\PortMap.exe 	gefunden: possible-Threat.NetTool.PortScan!E2
C:\Users\Jan\Desktop\Eigener Server\Rar-Datein\Switchbotv3_0_0_3.rar -> Switchbotv3_0_0_3\core\core6.dll 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Eigener Server\Rar-Datein\Switchbotv3_0_0_3.rar -> Switchbotv3_0_0_3\core\core6.rar -> core6.dll 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Eigener Server\Rar-Datein\Switchbotv3_0_0_3.rar -> Switchbotv3_0_0_3\core\core6.rar 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Eigener Server\Rar-Datein\Switchbotv3_0_0_3.rar -> Switchbotv3_0_0_3\switchbotv3.dll 	gefunden: Trojan.Win32.Spy!E2
C:\Users\Jan\Desktop\Eigener Server\Rar-Datein\Switchbotv3_0_0_3.rar -> Switchbotv3_0_0_3\switchbotv3.rar -> switchbotv3.dll 	gefunden: Trojan.Win32.Spy!E2
C:\Users\Jan\Desktop\Eigener Server\Rar-Datein\Switchbotv3_0_0_3.rar -> Switchbotv3_0_0_3\switchbotv3.rar -> core\core6.dll 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Eigener Server\Rar-Datein\Switchbotv3_0_0_3.rar -> Switchbotv3_0_0_3\switchbotv3.rar 	gefunden: Virus.Win32.Heur!E2
C:\Users\Jan\Desktop\Cythosia\Cythosia-Patcher.exe 	gefunden: Trojan.ATRAPS!E2
C:\Users\Jan\Desktop\Cythosia\Cythosia-MT2.exe 	gefunden: Trojan.Win32.Belanit!E2
C:\Users\Jan\Desktop\Azuria-Client\Azuria-ClientStarter.exe 	gefunden: Trojan.Offend!E2
C:\UBCD4Win\plugin\Network\VNCServer\winvnc4.exe 	gefunden: Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
C:\UBCD4Win\plugin\Network\VNCServer\vncviewer.exe 	gefunden: Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
C:\UBCD4Win\plugin\Network\VNCServer\vncconfig.exe 	gefunden: Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
C:\UBCD4Win\oem1\PEUtils\nircmd.exe 	gefunden: Riskware.Win32.NirCmd.D!E1
C:\UBCD4Win\Iso\PROGRAMS\vncserver\winvnc4.exe 	gefunden: Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
C:\UBCD4Win\Iso\PROGRAMS\vncserver\vncconfig.exe 	gefunden: Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
C:\UBCD4Win\Iso\I386\SYSTEM32\NIRCMD.EXE 	gefunden: Riskware.Win32.NirCmd.D!E1
C:\downloads\LOIC-1.0.7.42-binary.zip -> LOIC.exe 	gefunden: HackTool.Win32.Oylecann!E2
C:\downloads\patcher.zip -> patcher.exe 	gefunden: Trojan.Crypt!E2

Gescannt	678197
Gefunden	42

Scan Ende:	29.08.2012 16:58:45
Scan Zeit:	0:36:51
         
Da ich mir denke, dass Sie fragen wie der PC läuft, es geht, manchmal wirkt er mir trotzdem noch ein wenig langsam..

MfG

Alt 29.08.2012, 18:10   #10
t'john
/// Helfer-Team
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.08.2012, 21:25   #11
.Shiraka
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9bf2ca589f0f8946a07543e4ed5fcf52
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-29 08:21:57
# local_time=2012-08-29 10:21:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 97895832 0 0
# compatibility_mode=8192 67108863 100 0 64 64 0 0
# scanned=195936
# found=3
# cleaned=3
# scan_time=5735
C:\Users\Jan\Downloads\Exen\fileextractor py downloader.exe	a variant of MSIL/Solimba.C application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Jan\Downloads\Exen\SoftonicDownloader_fuer_windows-xp-mode.exe	a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\08272012_200343\C_Users\Jan\AppData\Roaming\BrowserCompanion\tbhcn.exe	Win32/BrowserCompanion application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

Alt 29.08.2012, 23:24   #12
t'john
/// Helfer-Team
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 6 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck


Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.08.2012, 10:03   #13
.Shiraka
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Vor dem Deaktivieren:

Code:
ATTFilter
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Chrome 21.0.1180.83 ist aktuell
Flash 11,3,31,230 ist veraltet! 
Aktualisieren Sie bitte auf die neueste Version!

Java (1,7,0,6) ist aktuell.
undefined
         
Nach dem Deaktivieren:

Code:
ATTFilter
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Chrome 21.0.1180.83 ist aktuell
Flash 11,3,31,230 ist veraltet! 
Aktualisieren Sie bitte auf die neueste Version!

Java ist nicht Installiert oder nicht aktiviert.
undefined
         
Habe das Plugin sowohl in Firefox als auch in Chrome deaktiviert, da ich beide Browser benutze, meistens zwar Chrome aber ich denke mal das sollte ich machen
Ansonsten alles wie beschrieben gemacht.

MfG

Alt 30.08.2012, 19:33   #14
t'john
/// Helfer-Team
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.08.2012, 20:28   #15
.Shiraka
 
Malware - Bundestrojaner ? - Standard

Malware - Bundestrojaner ?



Erstmal ein ganz ganz ganz großes Dankeschön !

Habe auch die letzten Schritte durchgearbeitet.

Nun, 1 Frage hätte ich da aber noch:

Wenn ich bei CCleaner in der Registry nun auf Fehler suchen klicke, spuckt er mir immer wieder den gleichen Schlüssel aus, habs nun rund 20x gemacht & er bleibt da...
Hier mal ein Screenshot:



Ansonsten wie gesagt ein großes Danke an dich, super Hilfe !

Antwort

Themen zu Malware - Bundestrojaner ?
administrator, anti-malware, antivirus, appdata, autostart, bundestrojaner, cache, code, explorer, free, google, helper, infizierte, install.exe, langsamer, löschen, malware, microsoft, programm, prozess, registry, roaming, scan, software, speicher, taskmanager, tbhcn, tbhcn.exe, uninstall.exe



Ähnliche Themen: Malware - Bundestrojaner ?


  1. Unistall-Vo-package (Malware/Virus?) bei Win7 64 bit /Malware-Adware gelöscht -Danke!
    Lob, Kritik und Wünsche - 06.07.2014 (1)
  2. GDATA und Malware Bytes Anti Malware Premium sinnvoll
    Antiviren-, Firewall- und andere Schutzprogramme - 20.06.2014 (1)
  3. Win7, firefox startet nicht, Malware laut Malwarebytes Anti-Malware, Security.Hijack
    Log-Analyse und Auswertung - 30.03.2014 (9)
  4. Trojaner und Malware auf meinem Laptop! Malwarebytes Anti-Malware hat 733 aufgespuert
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (19)
  5. malware: antivirus security pro -anty-malware lässt sich nicht installieren
    Plagegeister aller Art und deren Bekämpfung - 03.10.2013 (15)
  6. Malware trotz OS X Internet Reccovery - VM Malware? Ubuntu in EFI ? Win7 im gleichen Netz infiziert
    Alles rund um Mac OSX & Linux - 26.06.2013 (5)
  7. Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (14)
  8. email link Malware Funde Heur.PE@4294967295, Malware@#nwdk01o66rpro, Malware@#2x6qrvr63cjrw
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (10)
  9. Bundestrojaner(Trojan.Agent)explorer.exe in C/HKCU Software wird gefunden von Malware, aber kann nicht beseitigt werden
    Plagegeister aller Art und deren Bekämpfung - 11.10.2012 (13)
  10. OpenCandy [Malware] auf dem Rechner, aber Anti-Malware Programme finden keine Bedrohung.
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (5)
  11. Bundestrojaner Clone - Windows blockiert / 50 Euro Malware
    Log-Analyse und Auswertung - 06.04.2012 (22)
  12. Virus/Malware verhindert Installation/Start jeglicher Anti-Malware/Virusprogramme
    Plagegeister aller Art und deren Bekämpfung - 03.02.2012 (17)
  13. Log-Analyse nach Trojaner/Malware befall (Malware.Trace / Trojan.BHO)
    Log-Analyse und Auswertung - 26.09.2011 (16)
  14. Malware Spyware.passwords.xgen durch Malwarebyte Anti-Malware erkannt.
    Plagegeister aller Art und deren Bekämpfung - 19.12.2010 (50)
  15. Rätselhafter Mailversand - Malware.Packer.Gen, Trojan.Patched und Malware.Trace
    Plagegeister aller Art und deren Bekämpfung - 03.11.2010 (25)
  16. Kann Malware nicht löschen! Trojan.Agent und Malware.Trace
    Plagegeister aller Art und deren Bekämpfung - 18.06.2010 (19)
  17. werde Malware nicht los z.B. HEUR/HTML.Malware [heuristic
    Log-Analyse und Auswertung - 31.03.2010 (10)

Zum Thema Malware - Bundestrojaner ? - Hallo ! Mir ist aufgefallen, das mein PC irgendwie immer langsamer geworden ist. Dazu hat er dann immer mal wieder rumgespackt und ich fragte mich nur wieso. Dann bin ich - Malware - Bundestrojaner ?...
Archiv
Du betrachtest: Malware - Bundestrojaner ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.