Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: AKM Trojaner auf Vista

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 06.09.2012, 06:30   #16
schrauber
/// the machine
/// TB-Ausbilder
 

AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Sehr schön . MUss kurz was checken, melde mich wieder.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.09.2012, 17:52   #17
schrauber
/// the machine
/// TB-Ausbilder
 

AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Downloade dir bitte srep.exe und speichere diese auf einen USB Stick.
Wichtig: Nicht in einen Ordner speichern.
  • Starte den infizierten Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste. Danach solltest Du einige Optionen zur Auswahl haben. Navigiere mit den Pfeiltasten zu Abgesicherter Modus mit Eingabeaufforderung und drücke Enter
    ** Hinweis: Es kann sein, dass eine andere F Taste gedrückt werden muss, um in die Startoptionen zu kommen.
  • Logge dich nun in das infizierte Benutzerkonto ein.
  • Schließe den USB Stick an den infizierten Rechner an.
  • Nun ist etwas Handarbeit gefragt.
    • Du musst zuerst heraus finden, welchen Laufwerksbuchstaben der USB Stick hat.
    • Dazu gib bitte einfach E: ein und drücke Enter. Sollte folgende Meldung kommen.
      Zitat:
      Das System kann das angegeben Laufwerk nicht finden
      versuche einen anderen Laufwerksbuchstaben. ( zB F: )
  • Sobald Du den richtigen Laufwerksbuchstaben gefunden hast, gib folgendes ein und drücke Enter.
    start srep.exe
  • Drücke nun auf Scan.
  • Lass das Tool in Ruhe laufen. Der Rechner wird automatisch neu starten.
Auf deinen USB Stick befindet sich eine shell.txt. Bitte poste diese in deiner nächsten Antwort.

Hinweis: Es ist gut möglich, dass du bereits nach dem Scan wieder auf deinen Rechner zugreifen kannst.
__________________

__________________

Alt 06.09.2012, 18:53   #18
fridum
 
AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



WIN_VISTA X86 Service Pack 2
Running from F:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
Modified HKCU shell extension. Current Shell File = C:\Users\Julian\AppData\Roaming\1.exe
File C:\Users\Julian\AppData\Roaming\1.exe moved to F:\\infected or not found


[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
rundll32.exe
WmiPrvSE.exe
srep.exe


HKLM\..\Run [Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\..\Run [ATKOSD2] = "C:\Program Files\ATKOSD2\ATKOSD2.exe"
HKLM\..\Run [RtHDVCpl] = RtHDVCpl.exe
HKLM\..\Run [Skytel] = Skytel.exe
HKLM\..\Run [SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\..\Run [Adobe Reader Speed Launcher] = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM\..\Run [Monitor] = C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\..\Run [TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM\..\Run [ccApp] = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\..\Run [osCheck] = "C:\Program Files\Norton 360\osCheck.exe"
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\..\Run [QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\..\Run [AppleSyncNotifier] = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\..\Run [iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\..\Run [IgfxTray] = C:\Windows\system32\igfxtray.exe
HKLM\..\Run [HotKeysCmds] = C:\Windows\system32\hkcmd.exe
HKLM\..\Run [Persistence] = C:\Windows\system32\igfxpers.exe
HKLM\..\Run [SSDMonitor] = C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM\..\Run [DATAMNGR] = C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\..\Run [Aeria Ignite] = "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
HKLM\..\Run [vProt] = "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\..\Run [SweetIM] = C:\Program Files\SweetIM\Messenger\SweetIM.exe
HKLM\..\Run [Sweetpacks Communicator] = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\..\Run [ROC_ROC_JULY_P1] = "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [LightScribe Control Panel] = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKCU\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKCU\..\Run [Spiele Post] = C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe
HKCU\..\Run [Akamai NetSession Interface] = "C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe"
HKCU\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKCU\..\Run [RockMelt Update] = "C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
HKCU\..\Run [SpeedUpMyPC] = "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
HKCU\..\Run [Media Finder] = "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKCU\..\Run [HKCU] = C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe
HKCU\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Winlogon; Shell = explorer.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\.DEFAULT\..\Run [msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\.DEFAULT\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [LightScribe Control Panel] = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Spiele Post] = C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Akamai NetSession Interface] = "C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [RockMelt Update] = "C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [SpeedUpMyPC] = "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Media Finder] = "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [HKCU] = C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-18\..\Run [msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-18\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup

==== FINISH 06.09-19.38 ====
Hallo, du bist WIN_VISTA X86 Service Pack 2
Running from F:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
Modified HKCU shell extension. Current Shell File = C:\Users\Julian\AppData\Roaming\1.exe
File C:\Users\Julian\AppData\Roaming\1.exe moved to F:\\infected or not found


[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
rundll32.exe
WmiPrvSE.exe
srep.exe


HKLM\..\Run [Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\..\Run [ATKOSD2] = "C:\Program Files\ATKOSD2\ATKOSD2.exe"
HKLM\..\Run [RtHDVCpl] = RtHDVCpl.exe
HKLM\..\Run [Skytel] = Skytel.exe
HKLM\..\Run [SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\..\Run [Adobe Reader Speed Launcher] = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM\..\Run [Monitor] = C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\..\Run [TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM\..\Run [ccApp] = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\..\Run [osCheck] = "C:\Program Files\Norton 360\osCheck.exe"
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\..\Run [QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\..\Run [AppleSyncNotifier] = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\..\Run [iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\..\Run [IgfxTray] = C:\Windows\system32\igfxtray.exe
HKLM\..\Run [HotKeysCmds] = C:\Windows\system32\hkcmd.exe
HKLM\..\Run [Persistence] = C:\Windows\system32\igfxpers.exe
HKLM\..\Run [SSDMonitor] = C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM\..\Run [DATAMNGR] = C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\..\Run [Aeria Ignite] = "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
HKLM\..\Run [vProt] = "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\..\Run [SweetIM] = C:\Program Files\SweetIM\Messenger\SweetIM.exe
HKLM\..\Run [Sweetpacks Communicator] = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\..\Run [ROC_ROC_JULY_P1] = "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [LightScribe Control Panel] = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKCU\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKCU\..\Run [Spiele Post] = C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe
HKCU\..\Run [Akamai NetSession Interface] = "C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe"
HKCU\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKCU\..\Run [RockMelt Update] = "C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
HKCU\..\Run [SpeedUpMyPC] = "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
HKCU\..\Run [Media Finder] = "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKCU\..\Run [HKCU] = C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe
HKCU\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Winlogon; Shell = explorer.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\.DEFAULT\..\Run [msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\.DEFAULT\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [LightScribe Control Panel] = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Spiele Post] = C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Akamai NetSession Interface] = "C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [RockMelt Update] = "C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [SpeedUpMyPC] = "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Media Finder] = "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [HKCU] = C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-18\..\Run [msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-18\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup

==== FINISH 06.09-19.38 ===
Das stand in dieser Datei shell.txt

Ich wollte mich nur rießig bei dir BEDANKEN. Du bist ein Traum.
Der Rechner hat gleich wieder funktioniert. Kann ich mich irgendwie erkentlich zeigen.

Nochmals vielen DANK.
__________________

Alt 07.09.2012, 06:19   #19
schrauber
/// the machine
/// TB-Ausbilder
 

AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Bitte bitte

wir sind aber noch lange nicht fertig . jetzt müssen wir weiterarbeiten im normalmodus, damit der rechner sauber wird.


lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Setz den haken bei extra registrierung auf benutze safe list und drück scan, poste bitte beide logfiles.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.09.2012, 20:20   #20
fridum
 
AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.09.2012 16:40:31 - Run 1
OTL by OldTimer - Version 3.2.61.1     Folder = C:\Users\Julian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,63% Memory free
4,22 Gb Paging File | 2,79 Gb Available in Paging File | 66,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 11,65 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,53 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT_PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.07 16:35:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
PRC - [2012.09.03 19:14:33 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012.09.03 19:14:03 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.08.07 17:05:31 | 000,136,336 | ---- | M] (Google Inc.) -- C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2012.07.08 07:37:22 | 000,026,008 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012.06.28 15:43:16 | 008,613,888 | ---- | M] (Media Finder) -- C:\Program Files\Media Finder\Media Finder.exe
PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2012.05.24 23:20:51 | 001,241,184 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
PRC - [2012.04.30 15:19:09 | 000,397,848 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2012.03.21 20:02:24 | 004,862,384 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\FantastiGames\GPlayer.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012.01.04 22:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011.10.13 10:52:40 | 000,479,984 | ---- | M] (Intenium) -- C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe
PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.25 15:46:33 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 02:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.12.12 01:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.29 02:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.31 06:35:57 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007.09.01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.03 19:14:33 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012.09.03 19:14:09 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012.09.03 19:14:05 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\sendspace.dll
MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\mediafire.dll
MOD - [2012.06.19 15:18:38 | 000,359,424 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploading.dll
MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploadstation.dll
MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\unibytes.dll
MOD - [2012.06.19 15:18:38 | 000,317,440 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\turbobit.dll
MOD - [2012.06.19 15:18:38 | 000,315,392 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\rapidshare.dll
MOD - [2012.06.19 15:18:36 | 000,437,760 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\extabit.dll
MOD - [2012.06.19 15:18:36 | 000,359,936 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\filepost.dll
MOD - [2012.06.19 15:18:36 | 000,357,376 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\madshare.dll
MOD - [2012.06.19 15:18:36 | 000,320,000 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\letitbit.dll
MOD - [2012.06.19 15:18:36 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\hotfile.dll
MOD - [2012.06.19 15:18:36 | 000,314,880 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\furk.dll
MOD - [2012.06.19 15:18:34 | 000,961,536 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\_4shared.dll
MOD - [2012.06.19 15:18:34 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\depositfiles.dll
MOD - [2012.06.15 14:29:51 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012.06.15 14:03:10 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll
MOD - [2012.06.15 14:02:30 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll
MOD - [2012.06.15 14:01:53 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll
MOD - [2012.06.15 14:01:42 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012.05.24 13:19:00 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\oron.dll
MOD - [2012.05.18 13:37:41 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll
MOD - [2012.05.18 13:37:40 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll
MOD - [2012.05.18 13:37:40 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll
MOD - [2012.05.18 13:37:37 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll
MOD - [2012.05.18 13:37:33 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012.05.13 08:46:55 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012.05.13 08:38:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012.05.13 08:38:02 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
MOD - [2012.05.13 08:38:00 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012.05.13 08:37:46 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012.05.13 08:37:22 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012.05.13 08:37:09 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011.06.16 06:32:36 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.02.06 12:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.02.06 12:31:58 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.06 12:31:58 | 000,324,896 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2010.03.18 14:18:36 | 000,509,304 | ---- | M] () -- C:\Windows\Downloaded Program Files\ExentCtl.ocx
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2007.08.14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 09:00:59 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012.09.03 19:14:03 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.08.29 08:30:47 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.30 15:19:09 | 000,397,848 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011.04.03 09:33:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\microsoft shared\Service\Software Jukebox v2.0 Service File.exe -- (Software Jukebox v2.0 Service)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.03.25 15:46:33 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008.09.05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007.08.22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.06.15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012.09.03 19:14:07 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011.08.24 16:32:39 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.08.24 16:32:00 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.11.22 10:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\FantastiGames\X6XSEx.sys -- (X6XSEx)
DRV - [2009.11.20 05:02:57 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100402.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009.10.19 09:15:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.06.10 12:09:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.03.17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009.02.19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.02.19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009.02.19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009.02.19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009.02.19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009.02.19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.07.30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.02.01 03:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008.02.01 03:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008.02.01 03:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.12.06 22:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.08 18:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.07.13 10:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.05.14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007.01.24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005.12.06 05:27:29 | 000,287,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2005.12.06 05:26:16 | 000,039,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.06.17 05:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=hp
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=113933&tt=3612_3&babsrc=SP_ss&mntrId=e0c5cd28000000000000002243021e0c
IE - HKCU\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{82007ACF-53B7-404B-9D71-D2DD12C0E98C}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=331
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=HP_ss&mntrId=e0c5cd28000000000000002243021e0c"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.6.0.10
FF - prefs.js..extensions.enabledAddons: crossriderapp2258@crossrider.com:0.83.60
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {af6ac4f2-9825-4fb6-a600-92bc5361f209}:4.6.0.1
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: ffxtlbr@claro.com:1.5.0
FF - prefs.js..extensions.enabledAddons: @themediafinder.com:1.1.0
FF - prefs.js..extensions.enabledAddons: gencrawler@some.com:2.6
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=KW_ss&mntrId=e0c5cd28000000000000002243021e0c&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.19 17:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.03 19:14:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 17:50:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.01 14:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.19 15:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2011.02.15 16:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.03 08:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions
[2011.01.30 00:35:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.11 18:07:52 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2012.09.03 08:21:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.04.08 19:21:37 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}
[2012.07.05 16:32:50 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\crossriderapp2258@crossrider.com
[2012.08.07 16:29:19 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@babylon.com
[2012.09.01 15:54:49 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@claro.com
[2012.08.07 16:14:09 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com
[2012.07.05 14:42:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbra@softonic.com
[2012.08.07 16:38:31 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@videofiledownload.com
[2012.08.15 17:12:27 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@yontoo.com
[2012.07.05 14:32:59 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.08.02 12:16:02 | 000,000,941 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\conduit.xml
[2012.08.21 17:04:17 | 000,002,325 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search.xml
[2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search_Results.xml
[2012.07.05 14:42:45 | 000,002,060 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\softonic.xml
[2012.07.05 16:37:43 | 000,004,113 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\sweetim.xml
[2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.15 20:38:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.04.08 19:22:00 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCHCORE TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012.09.03 19:14:16 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012.09.03 08:08:58 | 000,000,000 | ---D | M] (Media Finder plugin) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\@THEMEDIAFINDER.COM
[2012.09.03 08:08:58 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 19:14:32 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.03 08:18:04 | 000,006,528 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.24 15:17:30 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\Program Files\Searchcore Toolbar\Datamngr\BrowserConnection.dll (Discordia , LTD)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Julian\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O2 - BHO: (VideoFileDownload) - {BA0454C5-FD30-428E-8DB9-3FF87A612F64} - C:\Program Files\OpenApp\bho_project.dll (VideoFileDownload)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Julian\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme  Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Exetender] C:\Program Files\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [HKCU] C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe ()
O4 - HKCU..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (Media Finder)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd)
O4 - HKCU..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe (Intenium)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk =  File not found
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59392AD0-085B-4AAA-B346-699B938CA27F}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B212A2-F5DB-4CF9-B478-17CB52DC02C6}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f63f08b3-6464-11dd-9f20-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f63f08b3-6464-11dd-9f20-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.07 16:35:08 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2012.09.07 16:31:26 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Download
[2012.09.03 19:14:07 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.09.03 08:24:18 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2012.09.03 08:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FantastiGames
[2012.09.03 08:24:01 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2012.09.03 08:23:54 | 000,053,314 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2012.09.03 08:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\FantastiGames
[2012.09.03 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2012.09.03 08:18:47 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Get LLC
[2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\MediaGet2
[2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Media Get LLC
[2012.09.03 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Media Pack
[2012.09.03 08:17:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Free Media Pack
[2012.09.01 15:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.09.01 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Finder
[2012.09.01 15:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Media Finder
[2012.09.01 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Uniblue
[2012.09.01 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.09.01 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012.09.01 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\IClaro
[2012.09.01 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD
[2012.08.16 08:40:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 08:40:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 08:40:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.16 08:40:09 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.16 08:40:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 08:40:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 08:40:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.16 08:39:31 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.15 18:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2012.08.15 18:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames
[2012.08.15 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames
[2012.08.15 18:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fishdom 2
[2012.08.15 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Ilivid Player
[2012.08.15 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012.08.15 17:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar
[2012.08.15 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012.08.15 17:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.07 16:35:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2012.09.07 16:34:13 | 000,027,171 | -H-- | M] () -- C:\Users\Julian\AppData\Roaming\Julianlog.dat
[2012.09.07 16:28:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.07 16:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 16:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 16:28:20 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012.09.07 16:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.07 16:28:07 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.07 09:31:55 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.07 09:25:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.07 09:25:00 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.07 09:25:00 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.07 09:25:00 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 09:10:31 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001UA.job
[2012.09.07 09:08:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.07 09:04:38 | 000,000,680 | ---- | M] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat
[2012.09.04 18:34:05 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.09.03 19:14:07 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.09.03 08:46:20 | 000,000,605 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.09.03 08:18:08 | 000,002,217 | ---- | M] () -- C:\user.js
[2012.09.02 19:00:10 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012.09.02 17:49:26 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2012.09.02 17:49:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001Core.job
[2012.09.01 16:04:53 | 000,571,904 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\SpiralKnightsHack.exe
[2012.09.01 15:58:49 | 000,031,695 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Julian3SQLite3.dll
[2012.08.29 08:30:47 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.29 08:30:46 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.25 18:01:26 | 000,001,921 | ---- | M] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk
[2012.08.16 08:53:40 | 000,461,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.06 19:39:46 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.03 08:46:20 | 000,000,605 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.09.01 15:58:49 | 000,031,695 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Julian3SQLite3.dll
[2012.09.01 15:58:38 | 000,571,904 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\SpiralKnightsHack.exe
[2012.09.01 15:55:12 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012.08.25 18:01:26 | 000,001,951 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiral Knights.lnk
[2012.08.25 18:01:26 | 000,001,921 | ---- | C] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk
[2012.08.25 18:00:37 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.08.07 16:14:10 | 000,384,844 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods-speeddial.crx
[2012.08.07 16:14:10 | 000,031,465 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods.crx
[2012.02.06 17:09:47 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011.08.24 16:32:39 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.08.24 16:32:00 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.08.12 17:58:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.04.17 10:54:24 | 000,000,680 | ---- | C] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat
[2011.01.30 00:37:03 | 000,023,040 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.01 20:52:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\NetServices
[2010.08.01 20:52:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.08.01 20:52:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pedal Hard
[2010.08.01 20:51:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature
[2010.08.01 20:51:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.08.01 20:51:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive
[2010.01.13 15:24:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2005.04.26 06:18:32 | 000,027,171 | -H-- | C] () -- C:\Users\Julian\AppData\Roaming\Julianlog.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---
File 1


Alt 07.09.2012, 20:22   #21
fridum
 
AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.09.2012 16:40:31 - Run 1
OTL by OldTimer - Version 3.2.61.1     Folder = C:\Users\Julian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,63% Memory free
4,22 Gb Paging File | 2,79 Gb Available in Paging File | 66,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 11,65 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,53 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT_PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.07 16:35:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
PRC - [2012.09.03 19:14:33 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012.09.03 19:14:03 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.08.07 17:05:31 | 000,136,336 | ---- | M] (Google Inc.) -- C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2012.07.08 07:37:22 | 000,026,008 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012.06.28 15:43:16 | 008,613,888 | ---- | M] (Media Finder) -- C:\Program Files\Media Finder\Media Finder.exe
PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2012.05.24 23:20:51 | 001,241,184 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
PRC - [2012.04.30 15:19:09 | 000,397,848 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2012.03.21 20:02:24 | 004,862,384 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\FantastiGames\GPlayer.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012.01.04 22:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011.10.13 10:52:40 | 000,479,984 | ---- | M] (Intenium) -- C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe
PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.25 15:46:33 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 02:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.12.12 01:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.29 02:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.31 06:35:57 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007.09.01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.03 19:14:33 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012.09.03 19:14:09 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012.09.03 19:14:05 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\sendspace.dll
MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\mediafire.dll
MOD - [2012.06.19 15:18:38 | 000,359,424 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploading.dll
MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploadstation.dll
MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\unibytes.dll
MOD - [2012.06.19 15:18:38 | 000,317,440 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\turbobit.dll
MOD - [2012.06.19 15:18:38 | 000,315,392 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\rapidshare.dll
MOD - [2012.06.19 15:18:36 | 000,437,760 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\extabit.dll
MOD - [2012.06.19 15:18:36 | 000,359,936 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\filepost.dll
MOD - [2012.06.19 15:18:36 | 000,357,376 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\madshare.dll
MOD - [2012.06.19 15:18:36 | 000,320,000 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\letitbit.dll
MOD - [2012.06.19 15:18:36 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\hotfile.dll
MOD - [2012.06.19 15:18:36 | 000,314,880 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\furk.dll
MOD - [2012.06.19 15:18:34 | 000,961,536 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\_4shared.dll
MOD - [2012.06.19 15:18:34 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\depositfiles.dll
MOD - [2012.06.15 14:29:51 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012.06.15 14:03:10 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll
MOD - [2012.06.15 14:02:30 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll
MOD - [2012.06.15 14:01:53 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll
MOD - [2012.06.15 14:01:42 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012.05.24 13:19:00 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\oron.dll
MOD - [2012.05.18 13:37:41 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll
MOD - [2012.05.18 13:37:40 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll
MOD - [2012.05.18 13:37:40 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll
MOD - [2012.05.18 13:37:37 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll
MOD - [2012.05.18 13:37:33 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012.05.13 08:46:55 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012.05.13 08:38:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012.05.13 08:38:02 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
MOD - [2012.05.13 08:38:00 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012.05.13 08:37:46 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012.05.13 08:37:22 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012.05.13 08:37:09 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011.06.16 06:32:36 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.02.06 12:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.02.06 12:31:58 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.06 12:31:58 | 000,324,896 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2010.03.18 14:18:36 | 000,509,304 | ---- | M] () -- C:\Windows\Downloaded Program Files\ExentCtl.ocx
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2007.08.14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 09:00:59 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012.09.03 19:14:03 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.08.29 08:30:47 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.30 15:19:09 | 000,397,848 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011.04.03 09:33:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\microsoft shared\Service\Software Jukebox v2.0 Service File.exe -- (Software Jukebox v2.0 Service)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.03.25 15:46:33 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008.09.05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007.08.22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.06.15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012.09.03 19:14:07 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011.08.24 16:32:39 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.08.24 16:32:00 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.11.22 10:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\FantastiGames\X6XSEx.sys -- (X6XSEx)
DRV - [2009.11.20 05:02:57 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100402.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009.10.19 09:15:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.06.10 12:09:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.03.17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009.02.19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.02.19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009.02.19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009.02.19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009.02.19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009.02.19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.07.30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.02.01 03:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008.02.01 03:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008.02.01 03:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.12.06 22:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.08 18:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.07.13 10:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.05.14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007.01.24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005.12.06 05:27:29 | 000,287,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2005.12.06 05:26:16 | 000,039,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.06.17 05:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=hp
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=113933&tt=3612_3&babsrc=SP_ss&mntrId=e0c5cd28000000000000002243021e0c
IE - HKCU\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{82007ACF-53B7-404B-9D71-D2DD12C0E98C}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=331
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=HP_ss&mntrId=e0c5cd28000000000000002243021e0c"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.6.0.10
FF - prefs.js..extensions.enabledAddons: crossriderapp2258@crossrider.com:0.83.60
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {af6ac4f2-9825-4fb6-a600-92bc5361f209}:4.6.0.1
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: ffxtlbr@claro.com:1.5.0
FF - prefs.js..extensions.enabledAddons: @themediafinder.com:1.1.0
FF - prefs.js..extensions.enabledAddons: gencrawler@some.com:2.6
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=KW_ss&mntrId=e0c5cd28000000000000002243021e0c&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.19 17:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.03 19:14:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 17:50:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.01 14:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.19 15:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2011.02.15 16:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.03 08:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions
[2011.01.30 00:35:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.11 18:07:52 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2012.09.03 08:21:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.04.08 19:21:37 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}
[2012.07.05 16:32:50 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\crossriderapp2258@crossrider.com
[2012.08.07 16:29:19 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@babylon.com
[2012.09.01 15:54:49 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@claro.com
[2012.08.07 16:14:09 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com
[2012.07.05 14:42:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbra@softonic.com
[2012.08.07 16:38:31 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@videofiledownload.com
[2012.08.15 17:12:27 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@yontoo.com
[2012.07.05 14:32:59 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.08.02 12:16:02 | 000,000,941 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\conduit.xml
[2012.08.21 17:04:17 | 000,002,325 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search.xml
[2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search_Results.xml
[2012.07.05 14:42:45 | 000,002,060 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\softonic.xml
[2012.07.05 16:37:43 | 000,004,113 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\sweetim.xml
[2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.15 20:38:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.04.08 19:22:00 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCHCORE TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012.09.03 19:14:16 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012.09.03 08:08:58 | 000,000,000 | ---D | M] (Media Finder plugin) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\@THEMEDIAFINDER.COM
[2012.09.03 08:08:58 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 19:14:32 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.03 08:18:04 | 000,006,528 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.24 15:17:30 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\Program Files\Searchcore Toolbar\Datamngr\BrowserConnection.dll (Discordia , LTD)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Julian\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O2 - BHO: (VideoFileDownload) - {BA0454C5-FD30-428E-8DB9-3FF87A612F64} - C:\Program Files\OpenApp\bho_project.dll (VideoFileDownload)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Julian\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme  Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Exetender] C:\Program Files\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [HKCU] C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe ()
O4 - HKCU..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (Media Finder)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd)
O4 - HKCU..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe (Intenium)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk =  File not found
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59392AD0-085B-4AAA-B346-699B938CA27F}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B212A2-F5DB-4CF9-B478-17CB52DC02C6}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f63f08b3-6464-11dd-9f20-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f63f08b3-6464-11dd-9f20-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.07 16:35:08 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2012.09.07 16:31:26 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Download
[2012.09.03 19:14:07 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.09.03 08:24:18 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2012.09.03 08:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FantastiGames
[2012.09.03 08:24:01 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2012.09.03 08:23:54 | 000,053,314 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2012.09.03 08:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\FantastiGames
[2012.09.03 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2012.09.03 08:18:47 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Get LLC
[2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\MediaGet2
[2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Media Get LLC
[2012.09.03 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Media Pack
[2012.09.03 08:17:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Free Media Pack
[2012.09.01 15:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.09.01 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Finder
[2012.09.01 15:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Media Finder
[2012.09.01 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Uniblue
[2012.09.01 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.09.01 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012.09.01 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\IClaro
[2012.09.01 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD
[2012.08.16 08:40:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 08:40:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 08:40:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.16 08:40:09 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.16 08:40:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 08:40:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 08:40:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.16 08:39:31 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.15 18:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2012.08.15 18:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames
[2012.08.15 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames
[2012.08.15 18:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fishdom 2
[2012.08.15 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Ilivid Player
[2012.08.15 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012.08.15 17:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar
[2012.08.15 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012.08.15 17:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.07 16:35:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2012.09.07 16:34:13 | 000,027,171 | -H-- | M] () -- C:\Users\Julian\AppData\Roaming\Julianlog.dat
[2012.09.07 16:28:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.07 16:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 16:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 16:28:20 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012.09.07 16:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.07 16:28:07 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.07 09:31:55 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.07 09:25:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.07 09:25:00 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.07 09:25:00 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.07 09:25:00 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 09:10:31 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001UA.job
[2012.09.07 09:08:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.07 09:04:38 | 000,000,680 | ---- | M] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat
[2012.09.04 18:34:05 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.09.03 19:14:07 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.09.03 08:46:20 | 000,000,605 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.09.03 08:18:08 | 000,002,217 | ---- | M] () -- C:\user.js
[2012.09.02 19:00:10 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012.09.02 17:49:26 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2012.09.02 17:49:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001Core.job
[2012.09.01 16:04:53 | 000,571,904 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\SpiralKnightsHack.exe
[2012.09.01 15:58:49 | 000,031,695 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Julian3SQLite3.dll
[2012.08.29 08:30:47 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.29 08:30:46 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.25 18:01:26 | 000,001,921 | ---- | M] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk
[2012.08.16 08:53:40 | 000,461,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.06 19:39:46 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.03 08:46:20 | 000,000,605 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.09.01 15:58:49 | 000,031,695 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Julian3SQLite3.dll
[2012.09.01 15:58:38 | 000,571,904 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\SpiralKnightsHack.exe
[2012.09.01 15:55:12 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012.08.25 18:01:26 | 000,001,951 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiral Knights.lnk
[2012.08.25 18:01:26 | 000,001,921 | ---- | C] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk
[2012.08.25 18:00:37 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.08.07 16:14:10 | 000,384,844 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods-speeddial.crx
[2012.08.07 16:14:10 | 000,031,465 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods.crx
[2012.02.06 17:09:47 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011.08.24 16:32:39 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.08.24 16:32:00 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.08.12 17:58:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.04.17 10:54:24 | 000,000,680 | ---- | C] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat
[2011.01.30 00:37:03 | 000,023,040 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.01 20:52:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\NetServices
[2010.08.01 20:52:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.08.01 20:52:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pedal Hard
[2010.08.01 20:51:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature
[2010.08.01 20:51:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.08.01 20:51:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive
[2010.01.13 15:24:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2005.04.26 06:18:32 | 000,027,171 | -H-- | C] () -- C:\Users\Julian\AppData\Roaming\Julianlog.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---
File 1

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.09.2012 16:40:31 - Run 1
OTL by OldTimer - Version 3.2.61.1     Folder = C:\Users\Julian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,63% Memory free
4,22 Gb Paging File | 2,79 Gb Available in Paging File | 66,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 11,65 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,53 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT_PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C0D70F-531B-4EB0-B036-CAA6FA163E7B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{208774B8-F0A1-487D-BB36-E42AEDF909E7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4B13F255-D055-47E5-B4B8-A0964AEE80A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4F56665C-78B2-49BE-A4A8-1CDE8EA31D77}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5A269FE7-9970-404B-BDE9-AB5A3948B327}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7A736A6E-31AF-43BB-8142-CA5007D68095}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8C562371-8C65-43DC-A004-D5BCB8E0CA92}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BA4C19D9-E342-4C3C-8769-A1686FB6E99F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DC573A11-8420-4DDA-8ADD-75A0635B3516}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E4F4DE4B-F0F6-495D-B43F-B60D9F29CF26}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041365C5-B662-451B-B123-7FEAA8299630}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{062A776D-FFB8-40D0-9038-F7E3C8FFCCF6}" = protocol=17 | dir=in | app=c:\program files\searchcore toolbar\datamngr\toolbar\dtuser.exe | 
"{07EEB584-1D9F-4392-9CCC-11DF63CE1BAB}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{11FE892B-BAA5-48CC-8133-149EDE40CF93}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{12B4FF67-9490-42FD-8ADB-1E232E470C2E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{15B078D8-92A2-497C-A4E2-B76A6A11FF5A}" = protocol=6 | dir=in | app=c:\program files\searchcore toolbar\datamngr\toolbar\dtuser.exe | 
"{15D6FB71-85A9-4402-B11C-F4C563287408}" = protocol=6 | dir=in | app=c:\users\julian\appdata\local\akamai\netsession_win.exe | 
"{1893CE1D-6A38-4EA8-A44E-3F528D9CD6E9}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{18F2498C-41FA-4271-86D2-A612B594BBDF}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | 
"{2245F96D-2BC8-40D3-837D-6F30076ECBB7}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{274E4BD0-86FD-42C3-828E-3757CA74A351}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{2A89C101-EEF3-427E-A781-D04DF72AB5E4}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | 
"{30043F4C-153D-4323-AC3C-5A05572D5016}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{35BF720D-DE16-4013-8ECA-C3AB11CFAD3A}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{3755F6C4-0D6B-4077-B0A8-9439A69C4404}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{37C10947-0D09-4333-BB64-E8D42BBFA0C2}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{48F879BA-1B60-4146-9873-DB015A51E289}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{49075855-5E4F-42D7-956C-299770F551E1}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{49A0E560-C080-49E5-BC1A-FE48A0234792}" = protocol=17 | dir=in | app=c:\users\julian\appdata\local\akamai\netsession_win.exe | 
"{559F926F-DD48-4EAB-A351-A4359D907611}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{5A737496-C6D5-4808-94EE-BA3A9290C113}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{5FD34093-1B48-4667-9D09-F6D03AFE352D}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{63ED93F2-AE1B-49EA-B579-7C4C8D44C98A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6A4D2B4C-CC66-4F30-8D69-B242F5C48BD6}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{6D8F8063-410F-403E-A7BD-5DB9FB798950}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{6DF82AE0-FC6C-41B2-A403-4185AC4229D7}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{7A326EAF-CBA0-4009-9661-272C99975491}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{8519AC87-F8DD-4A90-9F97-9188F1D32793}" = protocol=17 | dir=in | app=c:\users\julian\downloads\facemoods.exe | 
"{89BA8EAE-66BD-474F-BD06-A00D8EC82472}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{91D58EFF-14C8-4F29-A36A-15F1A18D0720}" = protocol=6 | dir=in | app=c:\users\julian\downloads\facemoods.exe | 
"{94C52A11-F082-4AE6-A7E1-04E80B306828}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{95072148-549E-4110-959D-B096A6186EC4}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{95B19B0C-BDB8-489D-A7E3-12728FD5A969}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{A6B11090-952C-4528-BCC8-F4208FFB2BFE}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{ABA8EDAE-87B1-4AF2-8BCE-049EF096D71C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{AF2DC172-CDFC-406F-8B8C-DDAED58B3039}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{AF6CA5B5-F900-486E-BC7B-99F8816CC774}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{BA009C22-9DBC-4221-8B41-49BD05805639}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe | 
"{BA68D5A8-44E6-4E88-B2E7-1BFA836F22F3}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{C43432E2-E8FE-41CF-A98A-00F8A64CD28F}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{C6B1CCAB-3B84-4396-BAEB-900D6F05BBD9}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{C9DB3AA0-B929-4F62-A7A9-5D6DF742CD9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CFBCAF8E-E525-4135-A8B2-BEB92E70D058}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{CFDC7F0E-4231-4F69-9D61-E57A5610EC42}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D226C295-F5CF-480E-B5E0-AE47444ECDEC}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{D56727A9-2913-4B32-BC9C-D875A9857A68}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{E4671131-9414-43C8-86C1-3BB0D4B5E350}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{E8427696-6778-4D2C-BB15-B177FFE0E0F7}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{E98B947D-93E5-4492-8952-895F8E6BFED4}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{EE4D0457-3F61-434D-9E50-5550F723E55B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EE5F85A3-1477-4B0C-94E9-49306B464245}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F0CE7701-0271-4A29-80A0-E8BFB6BEB800}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F11EF3CE-0E80-4A11-ABFE-58E9BB7E367C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F45FE5E1-4F2E-451F-8B86-920F176FED92}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{F5E6B9C7-CB86-4883-9A15-567D975D0EF6}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{F94AA15E-E5A7-4412-A08E-8C94AAA1C623}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe | 
"{FBE24523-40F1-40AB-A9DB-553A1E4E8AE0}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{FCFD55CA-455D-42AE-BB97-29FCF65052CA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1CFE89F9-E734-41C3-A2EF-0C558FCE0C1F}" = SymNet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = FantastiGames
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{45A583AC-22D5-44F1-B093-FF0429D764E9}" = Jagen 2011
"{49CC8633-1C39-494F-81A9-9FB05D5B3372}" = Fishdom 2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}" = LEGO® Star Wars™ III: The Clone Wars™
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6DA399FC-350F-41AC-8CA6-B9F8496753BE}_is1" = Media Finder 1.0.9.29
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94F15234-1602-49AA-9D8C-4E0655173725}" = Aeria Ignite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A4478A48-6DFD-47EB-8140-B0E373047805}" = ErgoPlanet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ADCABEAB-487A-42CE-B751-6AFDBC3EC676}_is1" = Free Media Pack version 1.7
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EAA01BA0-6991-4296-A404-4FFF2DAC2225}" = ParaWorld
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.7.1238" = Aeria Ignite
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Akamai" = Akamai NetSession Interface
"AVG Secure Search" = AVG Security Toolbar
"BabylonToolbar" = Babylon toolbar on IE
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"Build-a-lot" = Build-a-lot
"Civitas3" = Grand Ages Rome 1.01
"claro" = Claro LTD toolbar  on IE
"conduitEngine" = Conduit Engine
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"Deer Drive" = Deer Drive 1.51T
"Deer Hunter 2004" = Deer Hunter 2004 (remove only)
"Deutschland Spielt - Spiele Post" = Deutschland Spielt - Spiele Post
"DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EdenEternal-DE" = EdenEternal-DE
"ExpressBurn" = Express Burn
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"Fiesta Online DE" = Fiesta Online DE 1.04.053
"funmoods" = Funmoods Web Search
"GameSpy Arcade" = GameSpy Arcade
"German Truck Simulator" = Austrian Truck Simulator 1.31
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hunting Unlimited 2010" = Hunting Unlimited 2010 1.0
"I Want This" = I Want This
"iLivid" = iLivid
"InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.2
"MAGIX Fotos auf CD & DVD 7 D" = MAGIX Fotos auf CD & DVD 7 7.0.2.0 (D)
"MAGIX Fotos auf CD & DVD 9 Download-Version D" = MAGIX Fotos auf CD & DVD 9 Download-Version 9.0.3.1 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Screenshare D" = MAGIX Screenshare
"Meine kleine Farm 2" = Meine kleine Farm 2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"PC Performer_is1" = PC Performer
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Searchqu Toolbar" = Searchqu Toolbar
"Skyscraper Simulator" = Skyscraper Simulator
"Softonic" = Softonic toolbar  on IE
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trophy Hunter 2003 Demo_is1" = Trophy Hunter 2003 Demo - Rocky Mountain Adventures
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"Updater Service" = Updater Service
"UseNeXT_is1" = UseNeXT
"vfd-ob" = VideoFileDownload
"WavePad" = WavePad Sound Editor
"Windows Searchcore Toolbar" = Searchcore Toolbar
"Xfire" = Xfire (remove only)
"Youda Fisherman" = Youda Fisherman
"Youda Marina" = Youda Marina
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}" = Free Media Pack
"Akamai" = Akamai NetSession Interface
"iPACS Viewer" = iPACS Viewer
"RockMelt" = RockMelt
"YourFileDownloader" = YourFileDownloader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.09.2012 03:35:06 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.09.2012 03:35:07 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.09.2012 03:35:07 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.09.2012 03:35:07 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.09.2012 03:35:07 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.09.2012 03:35:08 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.09.2012 03:35:08 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.09.2012 10:29:11 | Computer Name = Privat_PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 5.0.0.4183, Zeitstempel
 0x4df95302, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x10488792,  Prozess-ID 0x968, Anwendungsstartzeit
 01cd8d051bbfd998.
 
Error - 07.09.2012 10:29:54 | Computer Name = Privat_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.09.2012 10:58:05 | Computer Name = Privat_PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung deerdrive.exe, Version 1.51.0.0, Zeitstempel
 0x46bc1825, fehlerhaftes Modul deerdrive.exe, Version 1.51.0.0, Zeitstempel 0x46bc1825,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00075e24,  Prozess-ID 0x160c, Anwendungsstartzeit
 01cd8d08f47bbd08.
 
[ System Events ]
Error - 06.09.2012 13:47:24 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 07.09.2012 03:00:29 | Computer Name = Privat_PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.0.0.3 für die Netzwerkkarte mit der Netzwerkadresse
 002243021E0C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 07.09.2012 03:02:04 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 07.09.2012 03:02:04 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.09.2012 03:06:08 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 07.09.2012 03:19:25 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.09.2012 03:22:47 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 07.09.2012 10:28:23 | Computer Name = Privat_PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.16 für die Netzwerkkarte mit der Netzwerkadresse
 002243021E0C wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 07.09.2012 10:30:32 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.09.2012 10:33:23 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---
File 2

Alt 07.09.2012, 20:45   #22
schrauber
/// the machine
/// TB-Ausbilder
 

AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Dann bitte jetzt das hier

http://www.trojaner-board.de/123412-...tml#post907655
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.09.2012, 21:12   #23
fridum
 
AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-08.02 - Julian 08.09.2012  21:19:59.1.2 - x86
ausgeführt von:: c:\users\Julian\AppData\Local\Temp\79q1s4s4.tmp\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OpenApp\bhO_project.dll
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\TSearch
c:\program files\TSearch\easydownload.exe
c:\program files\TSearch\libtorrent.pyd
c:\program files\TSearch\python25.dll
c:\program files\TSearch\results
c:\users\Julian\AppData\Roaming\Julian3SQLite3.dll
c:\users\Julian\AppData\Roaming\Julianlog.dat
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\users\Julian\AppData\Roaming\SpiralKnightsHack.exe
c:\users\Julian\AppData\Roaming\Windir
c:\users\Julian\AppData\Roaming\WinDir\Svchost.exe
c:\users\Patrick Masser\AppData\Roaming\AdVantage
c:\users\Patrick Masser\AppData\Roaming\master
c:\windows\system32\GnUCdna.dll
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-08 bis 2012-09-08  ))))))))))))))))))))))))))))))
.
.
2012-09-08 19:00 . 2012-09-08 19:00	--------	d-----w-	c:\program files\CCleaner
2012-09-07 15:08 . 2012-09-07 15:08	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{83660C0C-E462-417E-B7CB-5D1B1A0B3661}\offreg.dll
2012-09-07 07:43 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{83660C0C-E462-417E-B7CB-5D1B1A0B3661}\mpengine.dll
2012-09-03 17:14 . 2012-09-03 17:14	27496	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2012-09-03 06:19 . 2012-09-03 06:19	--------	d-----w-	c:\programdata\Media Get LLC
2012-09-03 06:18 . 2012-09-03 06:18	--------	d-----w-	c:\users\Julian\AppData\Local\Media Get LLC
2012-09-03 06:17 . 2012-09-03 06:17	--------	d-----w-	c:\users\Julian\AppData\Roaming\Free Media Pack
2012-09-01 13:55 . 2012-09-03 06:08	--------	d-----w-	c:\users\Julian\AppData\Roaming\Media Finder
2012-09-01 13:55 . 2012-09-03 06:09	--------	d-----w-	c:\program files\Media Finder
2012-09-01 13:55 . 2012-09-01 13:55	--------	d-----w-	c:\users\Julian\AppData\Roaming\Uniblue
2012-09-01 13:54 . 2012-09-01 13:54	--------	d-----w-	c:\program files\Uniblue
2012-09-01 13:54 . 2012-09-01 13:54	--------	d-----w-	c:\users\Julian\AppData\Roaming\IClaro
2012-09-01 13:54 . 2012-09-01 13:54	--------	d-----w-	c:\program files\Claro LTD
2012-08-16 06:39 . 2012-07-04 14:02	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 16:37 . 2012-08-15 16:37	--------	d-----w-	c:\programdata\Playrix Entertainment
2012-08-15 16:36 . 2012-08-15 16:37	--------	d-----w-	c:\programdata\Youdagames
2012-08-15 16:36 . 2012-08-15 16:36	--------	d-----w-	c:\program files\Youdagames
2012-08-15 15:39 . 2012-08-15 15:39	--------	d-----w-	c:\users\Julian\AppData\Local\Ilivid Player
2012-08-15 15:37 . 2012-08-15 15:38	--------	d-----w-	c:\program files\Searchqu Toolbar
2012-08-15 15:12 . 2012-08-15 15:12	--------	d-----w-	c:\program files\Yontoo
2012-08-15 15:12 . 2012-08-15 15:12	--------	d-----w-	c:\programdata\Tarma Installer
2012-08-15 08:34 . 2012-05-11 15:57	623616	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 18:03 . 2008-08-07 11:15	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-08-29 06:30 . 2012-04-04 07:33	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-29 06:30 . 2011-07-15 05:34	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-01 17:13 . 2012-08-01 17:13	184700	----a-w-	C:\torrent.exe
2011-06-16 04:32 . 2011-06-01 12:45	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26	3908192	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-05-09 09:49	176936	----a-w-	c:\program files\BrotherSoft_Extreme\prxtbBro1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08	2393184	----a-w-	c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-03 17:14	1734240	----a-w-	c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-05-29 07:05	244840	----a-w-	c:\program files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-05-09 09:49	176936	----a-w-	c:\program files\DVDVideoSoft\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-06-04 14:12	1310040	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro1.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-03 1734240]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll" [2012-05-29 253032]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-05-09 176936]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro1.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\Julian\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RockMelt Update"="c:\users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-08-07 136336]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2012-07-08 68504]
"Media Finder"="c:\program files\Media Finder\Media Finder.exe" [2012-06-28 8613888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-19 185872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896]
"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]
.
c:\users\Patrick Masser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ja.lnk -  [N/A]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2006-11-29 2323024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:30]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 16:30]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 16:30]
.
2012-09-02 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files\PC Performer\PCPerformer.exe [2012-04-08 13:47]
.
2012-07-18 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files\PC Performer\PCPerformer.exe [2012-04-08 13:47]
.
2012-09-07 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-02-06 20:24]
.
2012-09-07 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001Core.job
- c:\users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-07 15:05]
.
2012-09-08 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001UA.job
- c:\users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-07 15:05]
.
2012-09-08 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-09-01 05:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31&v=12.2.5.32&sap=hp
mStart Page = hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722
uInternet Settings,ProxyOverride = *.local;<local>
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.hpOld - hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic.dspOld - SweetIM Search
FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic)
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic_i.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - e0c5cd28000000000000002243021e0c
FF - user.js: extensions.Softonic.instlDay - 15526
FF - user.js: extensions.Softonic.vrsn - 1.5.24.3
FF - user.js: extensions.Softonic.vrsni - 1.5.24.3
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.24.314:42
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00015
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722&q=
FF - user.js: extensions.funmoods.id - 002243021E0CCD28
FF - user.js: extensions.funmoods.instlDay - 15559
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:14:3
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - wbst
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - 
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - e0c5cd28000000000000002243021e0c
FF - user.js: extensions.BabylonToolbar.instlDay - 15561
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.611:09
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3212_7
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extentions.y2layers.installId - 408814f5-9ee7-4125-b252-67fab029f7bd
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - e0c5cd28000000000000002243021e0c
FF - user.js: extensions.claro.instlDay - 15586
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.18:18
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - iclaro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-08 21:55
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-09-08  22:00:33
ComboFix-quarantined-files.txt  2012-09-08 20:00
.
Vor Suchlauf: 11 Verzeichnis(se), 34.057.961.472 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 35.121.307.648 Bytes frei
.
- - End Of File - - 723570DE3580D02D45BAAD8BDC9E3469
         
--- --- ---

Alt 09.09.2012, 07:25   #24
schrauber
/// the machine
/// TB-Ausbilder
 

AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Hi,

Scripten mit Combofix

  • Öffne den Editor ( Start -> Zubehör -> Editor ) kopiere nun folgenden Text in das weiße Feld:
Zitat:
File::
C:\torrent.exe


Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt
  • Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!




Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann






Malwarebytes' Anti-Malware
  • Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:

(nach dem scannen auf den Button klicken und Funde löschen lassen!)
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.09.2012, 13:53   #25
fridum
 
AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.09.09.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Julian :: PRIVAT_PC [Administrator]

Schutz: Aktiviert

09.09.2012 10:50:47
mbam-log-2012-09-09 (10-50-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403293
Laufzeit: 2 Stunde(n), 20 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 4244 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 26
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\claro.claroappCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\claro.claroappCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{2850BDC7-2330-4E31-9FA0-88268846539A} (Adware.WhenU) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21} (Adware.WhenU) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CYBER (Backdoor.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\USERS\JULIAN\APPDATA\ROAMING\MEDIA FINDER\EXTENSIONS\GENCRAWLER_GC.DLL (Trojan.Downloader) -> Daten: 2 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace) -> Daten: 01/09/2012 -- 15:58 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Claro LTD\claro\1.6.4.1\claroApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files\OpenApp\bhO_project.dll.vir (PUP.Adware.Agent) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Julian\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Julian\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\smartdl\vfd.exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Julian\AppData\Roaming\WinDir\Svchost.exe.vir (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 09.09.2012, 16:06   #26
schrauber
/// the machine
/// TB-Ausbilder
 

AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



wurde der schritt mit cf ausgeführt? hast du die funde von Malwarebytes löschen lassen? lass bitte Malwarebytes nochmal laufen, funde löschen, log posten.


Mache außerdem noch einen Online-Scan nach dieser Anleitung und poste mir die Ergebnisse. Bitte während der Onine-Scans evtl. vorhandene externe Festplatten einschalten! Wenn Du Firefox verwenden möchtest, musst Du das Addon IE View installieren. Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliche) abstellen und nicht vergessen, sie hinterher wieder einzuschalten. Bitte benutze folgende Scanner und vergesse nicht, die Ergebnisse zu speichern und mir zu posten: F-Secure und Eset/NOD32.



öffne otl, setze bei extra registrierung den haken bei "benutze safe list" und drück scan, poste beide logfiles.

wie läuft der rechner? noch probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.09.2012, 22:40   #27
fridum
 
AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Ich komme mit dem Scan nicht zurecht, da ich mit SAFARI arbeite.

Alt 12.09.2012, 04:46   #28
schrauber
/// the machine
/// TB-Ausbilder
 

AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Der Internet Explorer ist werkseitig installiert, benutz den
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.09.2012, 18:52   #29
fridum
 
AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Malwarebytes Anti-Malware (Test) 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.09.11.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Julian :: PRIVAT_PC [Administrator]

Schutz: Aktiviert

12.09.2012 15:55:32
mbam-log-2012-09-12 (15-55-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403990
Laufzeit: 2 Stunde(n), 33 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 3800 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 19
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\claro.claroappCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\claro.claroappCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Löschen bei Neustart.
C:\Program Files\Claro LTD\claro\1.6.4.1\claroApp.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files\OpenApp\bhO_project.dll.vir (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Julian\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) Malwarebytes Anti-Malware (Test) 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.09.11.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Julian :: PRIVAT_PC [Administrator]

Schutz: Aktiviert

12.09.2012 15:55:32
mbam-log-2012-09-12 (18-31-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403990
Laufzeit: 2 Stunde(n), 33 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 3800 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 19
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\claro.claroappCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\claro.claroappCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files\Claro LTD\claro\1.6.4.1\claroApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files\OpenApp\bhO_project.dll.vir (PUP.Adware.Agent) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Julian\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.

(Ende)

Alt 12.09.2012, 18:58   #30
schrauber
/// the machine
/// TB-Ausbilder
 

AKM Trojaner auf Vista - Standard

AKM Trojaner auf Vista



Dann noch der Rest

Die Logs zeigen einmal dass Du die Funde entfernt hast und einmal wurden Sie ignoriert. Ich geh mal davon auss dass die letzte Aktion das Entfernen war.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu AKM Trojaner auf Vista
akm trojaner, funktionier, funktioniert, heute, nichts, troja, trojaner, vista



Ähnliche Themen: AKM Trojaner auf Vista


  1. Unter Firefox friert Vista ein - oder doch ein Vista Explorer Problem?
    Alles rund um Windows - 10.11.2015 (24)
  2. Win Vista: GVU Trojaner
    Log-Analyse und Auswertung - 01.11.2013 (16)
  3. Vista x32 GVU Trojaner 2.12
    Log-Analyse und Auswertung - 12.08.2013 (7)
  4. bka trojaner 1.13 vista
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (2)
  5. GVU Trojaner 2.07 Vista
    Log-Analyse und Auswertung - 26.10.2012 (15)
  6. Win Vista BKA 1.13 Trojaner
    Log-Analyse und Auswertung - 27.09.2012 (6)
  7. BKA Trojaner 1.13 Vista
    Log-Analyse und Auswertung - 18.09.2012 (3)
  8. GVU-Trojaner mit Web-Cam auf Win Vista 32-Bit
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (8)
  9. Win Vista GVU Trojaner 2.07
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (4)
  10. Win Vista GVU Trojaner 2.07
    Mülltonne - 14.07.2012 (1)
  11. Windows Vista wieder sauber nach entfernen von Vista Recovery?
    Log-Analyse und Auswertung - 14.06.2011 (5)
  12. Vista Security Tool 2010 / Antivirus Vista und deren Verbeitung über dubiose Websites
    Plagegeister aller Art und deren Bekämpfung - 27.04.2010 (4)
  13. Trojaner bei Vista
    Plagegeister aller Art und deren Bekämpfung - 18.04.2010 (1)
  14. Trojaner auf Vista !?
    Plagegeister aller Art und deren Bekämpfung - 24.01.2009 (3)
  15. Vista 64-Bit-Edition auf DVD Alternative Windows Vista-Medien
    Alles rund um Windows - 18.04.2008 (4)
  16. Boot Manager von Vista erneuern, ohne Vista Patition zu löschen
    Alles rund um Windows - 16.01.2008 (1)
  17. Tip: Linux und Vista mit Bitlocker - Dualboot mit dem Vista Boot Manager
    Alles rund um Windows - 19.11.2007 (0)

Zum Thema AKM Trojaner auf Vista - Sehr schön . MUss kurz was checken, melde mich wieder. - AKM Trojaner auf Vista...
Archiv
Du betrachtest: AKM Trojaner auf Vista auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.