Pests of all kinds and how to fight them: GVU on Vista; no access to safe mode! (Windows 7)
#1

GVU on Vista; no access to safe mode!

Hello, I have caught the GVU. As described in the title, I cannot access safe mode from the profile. But I ran the scans on another profile.

OTL:
Code:
ATTFilter OTL logfile created on: 14.01.2013 11:21:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Uni\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,89% Memory free 6,19 Gb Paging File | 5,18 Gb Available in Paging File | 83,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,68 Gb Total Space | 38,80 Gb Free Space | 8,52% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 2,38 Gb Free Space | 23,83% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.14 11:13:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uni\Downloads\OTL.exe PRC - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) 
-- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2012.11.14 11:59:32 | 000,615,440 | ---- | M] () -- C:\Programme\EslWire\service\WireHelperSvc.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.04.09 16:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.11.08 07:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe PRC - [2011.09.24 02:58:48 | 000,397,312 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.09.24 02:58:18 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.08.15 18:13:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2011.06.15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Programme\DivX\DivX Plus Web Player\DDMService.exe PRC - [2010.11.04 17:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2010.11.04 17:15:32 | 002,219,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:59:28 | 
011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\System32\ASDR.exe PRC - [2009.04.10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:24:21 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2006.10.23 01:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe PRC - [2006.10.22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) 
-- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe PRC - [2000.01.01 01:00:00 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.01.12 12:38:10 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6cd1063230763008a7c5ea6d77622613\WindowsFormsIntegration.ni.dll MOD - [2013.01.12 12:35:14 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2cbdbc8bb7fcf0d7eb7a8d616e141d79\System.Core.ni.dll MOD - [2013.01.12 12:35:03 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1179785f4c54c05377586bdb2c408acb\IAStorUtil.ni.dll MOD - [2013.01.12 12:35:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\fa3cd8efa21ffb31222298c4ab8a08df\IAStorCommon.ni.dll MOD - [2013.01.12 10:35:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.12 10:35:46 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll MOD - [2013.01.12 10:35:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll MOD - [2013.01.12 10:35:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.12 10:35:06 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll MOD - [2013.01.12 10:34:47 | 001,593,856 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.12 10:32:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll MOD - [2013.01.12 10:32:01 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll MOD - [2013.01.12 10:30:49 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll MOD - [2013.01.12 10:30:09 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll MOD - [2013.01.12 10:30:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.12 10:29:29 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2011.11.08 07:31:08 | 000,667,648 | ---- | M] () -- C:\GIGABYTE FORCE\GIGABYTE FORCE.exe MOD - [2011.09.24 02:17:48 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2011.09.23 21:23:12 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2011.03.21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010.12.09 20:29:16 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2009.03.29 20:42:14 | 
000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.29 20:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.29 20:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.24 17:16:58 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ========== Services (SafeList) ========== SRV - [2013.01.09 17:59:59 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.22 11:56:12 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.11.14 11:59:32 | 000,615,440 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.27 19:12:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.24 02:58:18 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.08.15 18:13:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.07.07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.06.15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.11.04 17:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2010.11.04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASDR.exe -- (ASDR) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) SRV - [2000.01.01 01:00:00 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- 
C:\Programme\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Running] -- C:\Windows\system32\drivers\IOMap.sys -- (IOMap) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATKDispLowFilter.sys -- (atkdisplf) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\asusgsb.sys -- (asusgsb) DRV - [2013.01.14 10:54:42 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon) DRV - [2012.11.14 11:59:24 | 000,867,344 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC) DRV - [2011.12.15 18:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011.10.05 19:05:25 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO) DRV - [2011.09.24 03:57:00 | 008,598,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.09.24 02:18:54 | 000,257,024 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011.07.26 18:49:12 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2011.06.06 23:06:42 | 000,081,936 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService) DRV - [2010.09.03 06:13:46 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2010.07.29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010.07.29 12:31:26 | 000,096,920 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2009.03.18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2000.01.01 01:00:00 | 000,319,592 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2000.01.01 01:00:00 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=e6f9663800000000000000219b17b856 IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=e6f9663800000000000000219b17b856 IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=83f3746d-dd95-43e5-a07b-09f069f6486b&apn_sauid=54AC8C80-2489-4373-9FE1-175ED7B660BC IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local IE - HKU\S-1-5-21-2188088278-3483027397-1906438238-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: 
"hxxp://search.babylon.com/?babsrc=HP_Prot" FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2 FF - prefs.js..extensions.enabledItems: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109989&babsrc=adbartrp&mntrId=e6f9663800000000000000219b17b856&q=" FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Daniel\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.http: "207.62.217.252" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - 
HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - 
HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Daniel\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.17 17:31:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.17 17:31:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 19:12:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 19:12:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.20 17:29:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.01.15 13:08:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 19:12:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 19:12:20 | 000,000,000 | ---D | M] [2011.06.28 09:27:20 | 000,000,000 | ---D | M] (No 
name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2011.06.28 09:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.21 10:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions [2012.12.21 10:55:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.03.24 17:11:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.11.10 15:26:21 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.02.23 20:03:31 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\battlefieldheroespatcher@ea.com [2011.04.12 15:12:26 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\battlefieldplay4free@ea.com [2012.09.15 14:22:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\ich@maltegoetz.de [2012.05.24 12:13:27 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\toolbar@ask.com [2011.09.15 13:10:27 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\10ovj1rj.default\extensions\vshare@toolbar [2012.12.20 16:42:47 | 000,036,139 | ---- | M] () (No name found) -- 
C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2011.12.09 16:23:07 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012.11.24 16:38:42 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.05.24 12:13:27 | 000,002,328 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\askcom.xml [2012.12.20 16:38:33 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-1.xml [2011.06.10 15:12:30 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-2.xml [2011.08.17 09:30:03 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-3.xml [2011.09.01 18:07:53 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-4.xml [2011.09.07 12:18:03 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-5.xml [2011.09.12 21:31:30 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-6.xml [2011.09.16 08:43:27 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin-7.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\10ovj1rj.default\searchplugins\icqplugin.xml [2012.10.27 19:12:18 | 000,000,000 | ---D | M] (No name found) -- 
C:\Programme\Mozilla Firefox\extensions [2012.10.27 19:12:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.12.20 18:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions [2012.12.20 18:07:26 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.12.20 18:07:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\updated\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.10.27 19:12:26 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.19 09:55:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.25 21:34:48 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.30 13:45:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.19 09:55:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.12.13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml [2012.06.19 09:55:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 09:55:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 09:55:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: 
Octoshape Streaming Services (Enabled) = C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npoctoshape.dll CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Daniel\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Click to 
activate/deactivate ProxTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.8_0\
CHR - Extension: Media Hint = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.12_0\
CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Kalender = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: DivX HiQ = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: AdBlock = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Troll Emoticons = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.7_0\
CHR - Extension: Google Mail-Checker = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Google Mail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GMouse] C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE ()
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RestartNeroSetup] "F:\Adobe\Nero\Installation\SetupX.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [Spotify Web Helper] C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\System32\schtasks.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Uni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E7E103B-45E5-4941-AFA8-78C01B7F06F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95172133-33D9-40B4-815E-38F9EEAE3F3E}: DhcpNameServer = 131.246.9.116 131.246.1.116
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2188088278-3483027397-1906438238-1000 Winlogon: Shell - (C:\Users\Daniel\AppData\Roaming\skype.dat) - C:\Users\Daniel\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\UNI\DESKTOP\TASK\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{027f2c52-5026-11e2-8daf-00219b17b856}\Shell - "" = AutoRun
O33 - MountPoints2\{027f2c52-5026-11e2-8daf-00219b17b856}\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\{16269461-201f-11e0-8abf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16269461-201f-11e0-8abf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CheckID.exe
O33 - MountPoints2\{1fea36f2-20bf-11e0-ad25-00219b17b856}\Shell - "" = AutoRun
O33 - MountPoints2\{1fea36f2-20bf-11e0-ad25-00219b17b856}\Shell\AutoRun\command - "" = G:\Razor1911_Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created
Within 30 Days ========== [2012.12.27 18:10:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\FUSSBALL MANAGER 13 [2012.12.27 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\FUSSBALL MANAGER 13 [2012.12.27 17:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2012.12.27 17:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes [2012.12.27 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Pro [2012.12.27 17:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro [2012.12.27 17:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012.12.27 17:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\FIFA Manager 13 [2012.12.20 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Ashampoo [2012.12.20 17:06:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ashampoo [2012.12.20 17:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.12.20 17:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo [2012.12.20 17:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo [2012.12.17 16:32:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\HM1 [2011.03.05 14:28:40 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Daniel\AppData\Roaming\MinecraftSP.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.14 11:17:52 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job [2013.01.14 11:17:46 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.14 11:17:46 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.14 11:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.14 11:17:41 | 
3220,164,608 | -HS- | M] () -- C:\hiberfil.sys [2013.01.14 11:16:30 | 000,000,004 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\skype.ini [2013.01.14 11:16:15 | 000,000,186 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2013.01.14 10:55:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.14 10:54:42 | 000,012,984 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys [2013.01.13 22:23:35 | 000,002,032 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2013.01.13 22:17:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2188088278-3483027397-1906438238-1000UA.job [2013.01.13 21:19:43 | 000,058,880 | ---- | M] () -- C:\Users\Daniel\8394241.exe [2013.01.13 19:33:32 | 000,139,832 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.01.13 19:33:21 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2013.01.13 19:24:24 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2013.01.13 17:17:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2188088278-3483027397-1906438238-1000Core.job [2013.01.12 10:27:26 | 001,604,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.11 20:08:33 | 000,699,366 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.11 20:08:33 | 000,655,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.11 20:08:33 | 000,156,690 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.11 20:08:33 | 000,128,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.04 21:35:02 | 000,028,160 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.04 21:34:55 | 002,093,613 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.wmv [2013.01.04 21:32:38 | 000,016,288 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.vf [2013.01.04 21:31:53 | 109,836,288 | ---- | M] () -- 
C:\Users\Daniel\Documents\Ringen_klein_beta.avi [2013.01.04 21:31:53 | 000,000,042 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.avi.sfl [2013.01.04 21:31:19 | 000,016,288 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.vf.bak [2013.01.04 21:12:50 | 000,089,232 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein.wmv.sfk [2013.01.04 21:07:34 | 012,578,955 | ---- | M] () -- C:\Users\Daniel\Documents\Ringen_klein.wmv [2013.01.01 19:36:36 | 000,003,345 | ---- | M] () -- C:\Users\Daniel\AppData\Local\recently-used.xbel [2012.12.30 14:06:04 | 000,000,991 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.30 14:05:48 | 000,000,961 | ---- | M] () -- C:\Users\Daniel\Desktop\Dropbox.lnk [2012.12.28 12:59:41 | 275,882,401 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.12.23 22:35:26 | 000,662,111 | ---- | M] () -- C:\Users\Daniel\Documents\Moler.jpg [2012.12.23 22:33:43 | 003,655,712 | ---- | M] () -- C:\Users\Daniel\Documents\IMG_1014.JPG [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.14 11:15:39 | 000,000,186 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2013.01.13 21:50:02 | 3220,164,608 | -HS- | C] () -- C:\hiberfil.sys [2013.01.13 21:20:08 | 000,000,004 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\skype.ini [2013.01.13 21:19:43 | 000,058,880 | ---- | C] () -- C:\Users\Daniel\8394241.exe [2013.01.04 21:34:19 | 002,093,613 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.wmv [2013.01.04 21:31:43 | 000,000,042 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.avi.sfl [2013.01.04 21:31:42 | 109,836,288 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.avi [2013.01.04 21:31:19 | 000,016,288 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.vf.bak [2013.01.04 21:31:19 | 000,016,288 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein_beta.vf 
[2013.01.04 21:12:39 | 000,089,232 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein.wmv.sfk [2013.01.04 20:57:31 | 012,578,955 | ---- | C] () -- C:\Users\Daniel\Documents\Ringen_klein.wmv [2013.01.01 19:36:36 | 000,003,345 | ---- | C] () -- C:\Users\Daniel\AppData\Local\recently-used.xbel [2012.12.23 22:34:13 | 000,662,111 | ---- | C] () -- C:\Users\Daniel\Documents\Moler.jpg [2012.12.23 22:26:26 | 003,655,712 | ---- | C] () -- C:\Users\Daniel\Documents\IMG_1014.JPG [2012.12.07 21:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2012.08.14 16:04:21 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.07.03 21:48:36 | 000,054,704 | ---- | C] () -- C:\Users\Daniel\info.pdf [2012.05.27 12:30:58 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI [2012.05.27 12:21:52 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat [2012.05.20 09:27:47 | 000,605,033 | ---- | C] () -- C:\Users\Daniel\se2_ws2012_6_UML_Analyse.pdf [2012.05.20 09:27:39 | 000,505,341 | ---- | C] () -- C:\Users\Daniel\se2_ws2012_5_Projektplanung.pdf [2012.05.14 15:38:52 | 000,212,317 | ---- | C] () -- C:\Users\Daniel\CS_12-Exercise-2.pdf [2012.04.25 14:20:22 | 000,172,702 | ---- | C] () -- C:\Users\Daniel\RDP.pdf [2012.04.25 14:10:52 | 000,481,204 | ---- | C] () -- C:\Users\Daniel\Drucken_Vista.pdf [2012.04.23 18:42:45 | 000,143,430 | ---- | C] () -- C:\Users\Daniel\CS_12-Exercise-1.pdf [2012.04.19 16:52:52 | 000,051,077 | ---- | C] () -- C:\Users\Daniel\p01.pdf [2012.04.17 12:16:45 | 001,291,945 | ---- | C] () -- C:\Users\Daniel\HM1_Skript.pdf [2012.04.17 12:16:02 | 000,941,173 | ---- | C] () -- C:\Users\Daniel\se2_ws2012_2_Motivation.pdf [2012.04.17 12:07:54 | 000,040,868 | ---- | C] () -- C:\Users\Daniel\info_internet.pdf [2012.04.17 12:07:02 | 000,115,949 | ---- | C] () -- C:\Users\Daniel\saalübung01.pdf [2012.04.17 12:06:54 | 000,031,840 | ---- | C] () -- C:\Users\Daniel\grundwissen hm1.pdf [2012.04.13 18:57:53 | 000,053,066 | ---- | C] () 
-- C:\Users\Daniel\anti_memkey_jacky.jpg [2012.04.13 18:55:25 | 000,034,469 | ---- | C] () -- C:\Users\Daniel\anti_memkey.jpg [2012.04.13 18:52:37 | 000,011,648 | ---- | C] () -- C:\Users\Daniel\ludwig^^.jpg [2012.04.13 18:50:55 | 000,048,146 | ---- | C] () -- C:\Users\Daniel\memekey_partey_hard.jpg [2012.04.13 18:50:01 | 000,056,278 | ---- | C] () -- C:\Users\Daniel\memekey_gif.jpg [2012.04.13 18:48:18 | 000,047,401 | ---- | C] () -- C:\Users\Daniel\memekey_penis.jpg [2012.04.13 18:47:17 | 000,052,663 | ---- | C] () -- C:\Users\Daniel\memekey_bedroom.jpg [2012.04.13 18:45:43 | 000,058,047 | ---- | C] () -- C:\Users\Daniel\memekey_home.jpg [2012.04.13 18:44:25 | 000,051,160 | ---- | C] () -- C:\Users\Daniel\memekey_beer.jpg [2012.04.13 18:42:14 | 000,066,276 | ---- | C] () -- C:\Users\Daniel\memekey_waka.jpg [2012.04.13 18:14:22 | 000,091,530 | ---- | C] () -- C:\Users\Daniel\memekey_forgot.rar [2012.04.13 18:07:41 | 000,062,505 | ---- | C] () -- C:\Users\Daniel\memekey_forgot.jpg [2012.04.13 18:06:09 | 000,054,414 | ---- | C] () -- C:\Users\Daniel\memekey_trap.jpg [2012.03.29 23:04:35 | 000,039,583 | ---- | C] () -- C:\Users\Daniel\memekey_timmay.jpg [2012.03.29 23:03:48 | 000,052,347 | ---- | C] () -- C:\Users\Daniel\memekey_tintin.jpg [2012.03.29 23:00:09 | 000,053,386 | ---- | C] () -- C:\Users\Daniel\memekey_job.jpg [2012.03.29 22:58:02 | 000,052,633 | ---- | C] () -- C:\Users\Daniel\memekey_downs.jpg [2012.03.29 22:54:48 | 000,051,485 | ---- | C] () -- C:\Users\Daniel\memekey_allah.jpg [2012.03.29 22:51:48 | 000,052,428 | ---- | C] () -- C:\Users\Daniel\memekey_ass.jpg [2012.03.17 21:10:00 | 000,051,027 | ---- | C] () -- C:\Users\Daniel\memekey_hasenfuss.jpg [2012.03.17 21:00:39 | 000,059,503 | ---- | C] () -- C:\Users\Daniel\memekey_whazzzz.jpg [2012.03.17 20:59:41 | 000,062,599 | ---- | C] () -- C:\Users\Daniel\memekey_Spongebob.jpg [2012.03.15 21:58:30 | 000,051,606 | ---- | C] () -- C:\Users\Daniel\memekey_surprised.jpg [2012.03.15 21:57:09 | 000,055,726 
| ---- | C] () -- C:\Users\Daniel\memekey_vacation.jpg [2012.03.15 13:21:57 | 000,067,201 | ---- | C] () -- C:\Users\Daniel\memekey_kamera.jpg [2012.03.15 13:16:05 | 000,033,257 | ---- | C] () -- C:\Users\Daniel\memekey_ohne.jpg [2012.03.14 21:07:13 | 000,063,939 | ---- | C] () -- C:\Users\Daniel\memekey.jpg [2012.03.14 20:59:32 | 000,009,846 | ---- | C] () -- C:\Users\Daniel\img-thing.jpg [2012.03.08 22:39:40 | 000,000,043 | ---- | C] () -- C:\Users\Daniel\qm.gif [2012.03.06 13:15:32 | 000,004,494 | ---- | C] () -- C:\Users\Daniel\.swfinfo [2012.02.20 15:11:22 | 000,066,458 | ---- | C] () -- C:\Users\Daniel\Zwischenklasur_Lösung.htm [2012.02.17 16:27:06 | 000,042,895 | ---- | C] () -- C:\Users\Daniel\ProMa_2009_April.pdf [2012.02.16 18:17:38 | 021,421,467 | ---- | C] () -- C:\Users\Daniel\zusammenfassung.pdf [2012.02.16 18:13:08 | 000,824,881 | ---- | C] () -- C:\Users\Daniel\klausurtipps.pdf [2012.02.14 10:42:48 | 000,187,546 | ---- | C] () -- C:\Users\Daniel\Vorlesungsinhalte.pdf [2012.02.10 10:57:56 | 001,335,643 | ---- | C] () -- C:\Users\Daniel\07-Steuerung.pdf [2012.02.10 10:09:49 | 002,005,012 | ---- | C] () -- C:\Users\Daniel\06-Planung.pdf [2012.02.01 17:45:00 | 000,278,813 | ---- | C] () -- C:\Users\Daniel\uebung14.lhv.pdf [2012.01.31 22:29:27 | 000,151,895 | ---- | C] () -- C:\Users\Daniel\internet-memes-rage-face-drinking-game.png [2012.01.29 15:58:41 | 000,039,099 | ---- | C] () -- C:\Users\Daniel\04.jpg [2012.01.29 15:53:48 | 001,990,702 | ---- | C] () -- C:\Users\Daniel\6.gif [2012.01.29 15:19:40 | 000,196,080 | ---- | C] () -- C:\Users\Daniel\6544345315_b103854b47_z.jpg [2012.01.29 15:19:37 | 000,020,419 | ---- | C] () -- C:\Users\Daniel\shoe_on_head_6.jpg [2012.01.29 15:00:34 | 000,058,925 | ---- | C] () -- C:\Users\Daniel\If you know what I mean..png [2012.01.24 16:52:26 | 000,035,908 | ---- | C] () -- C:\Users\Daniel\tumblr_lxje1ufTT41qzzdop.jpg [2012.01.24 16:00:04 | 000,197,516 | ---- | C] () -- C:\Users\Daniel\uebung13.lhv.pdf [2012.01.24 
15:49:38 | 000,489,257 | ---- | C] () -- C:\Users\Daniel\uebung12.lhv.pdf [2012.01.23 14:55:24 | 000,378,550 | ---- | C] () -- C:\Users\Daniel\Unbenannt-1.psd [2012.01.23 14:55:09 | 000,053,653 | ---- | C] () -- C:\Users\Daniel\gutschein.jpg [2012.01.18 10:39:18 | 000,156,871 | ---- | C] () -- C:\Users\Daniel\400359_345313688814833_100000086130202_1318334_342874193_n.jpg [2012.01.17 15:08:27 | 000,097,696 | ---- | C] () -- C:\Users\Daniel\templatejava.pdf [2012.01.17 14:49:18 | 004,451,786 | ---- | C] () -- C:\Users\Daniel\proma-10.pdf [2012.01.17 14:48:16 | 002,839,858 | ---- | C] () -- C:\Users\Daniel\09-Qualitaetsmanagement.pdf [2012.01.11 16:20:32 | 000,058,880 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\skype.dat [2012.01.09 19:30:33 | 000,178,648 | ---- | C] () -- C:\Users\Daniel\Blatt10.pdf [2012.01.09 13:40:39 | 000,316,030 | ---- | C] () -- C:\Users\Daniel\scan0010.pdf [2012.01.09 13:22:02 | 000,199,320 | ---- | C] () -- C:\Users\Daniel\se32.pdf [2012.01.09 13:21:34 | 000,159,611 | ---- | C] () -- C:\Users\Daniel\se33.pdf [2012.01.08 23:44:11 | 005,278,584 | ---- | C] () -- C:\Users\Daniel\bollywood.gif [2012.01.08 23:40:17 | 000,510,434 | ---- | C] () -- C:\Users\Daniel\33.gif [2012.01.08 23:38:58 | 000,469,057 | ---- | C] () -- C:\Users\Daniel\19.gif [2012.01.08 23:36:33 | 001,316,008 | ---- | C] () -- C:\Users\Daniel\29_2.gif [2012.01.08 23:28:36 | 000,507,362 | ---- | C] () -- C:\Users\Daniel\29.gif [2012.01.04 13:28:10 | 000,118,238 | ---- | C] () -- C:\Users\Daniel\induktion.pdf [2012.01.03 17:07:02 | 001,587,963 | ---- | C] () -- C:\Users\Daniel\08-Unterstuetzende_Prozesse.pdf [2012.01.02 13:39:25 | 000,091,075 | ---- | C] () -- C:\Users\Daniel\The Tuthyiyx.png [2012.01.02 13:39:02 | 000,091,075 | ---- | C] () -- C:\Users\Daniel\The Tuthyiyx [2012.01.02 13:25:52 | 000,031,037 | ---- | C] () -- C:\Users\Daniel\you+know+it+s+true.+I+like+to+look+at+tags_84b9cc_3110520.jpg [2011.12.30 13:54:22 | 000,000,201 | ---- | C] () -- 
C:\Users\Daniel\.Xauthority [2011.12.18 19:15:44 | 000,329,238 | ---- | C] () -- C:\Users\Daniel\Blatt09.pdf [2011.12.15 21:08:50 | 000,143,122 | ---- | C] () -- C:\Users\Daniel\se41.pdf [2011.12.14 14:56:43 | 000,375,183 | ---- | C] () -- C:\Users\Daniel\proma-8.pdf [2011.12.14 10:01:14 | 000,177,092 | ---- | C] () -- C:\Users\Daniel\se44.pdf [2011.12.14 10:00:59 | 000,515,855 | ---- | C] () -- C:\Users\Daniel\se43.pdf [2011.12.13 15:28:38 | 000,211,367 | ---- | C] () -- C:\Users\Daniel\Blatt08.pdf [2011.11.30 16:23:14 | 002,188,448 | ---- | C] () -- C:\Users\Daniel\proma-6.pdf [2011.11.30 16:13:31 | 004,072,307 | ---- | C] () -- C:\Users\Daniel\05-Schaetzung.pdf [2011.11.30 11:26:55 | 000,180,850 | ---- | C] () -- C:\Users\Daniel\Blatt06.pdf [2011.11.24 15:59:52 | 001,285,048 | ---- | C] () -- C:\Users\Daniel\04-Projektorganisation.pdf [2011.11.24 15:59:06 | 005,213,444 | ---- | C] () -- C:\Users\Daniel\proma-5.pdf [2011.11.21 16:56:54 | 000,272,296 | ---- | C] () -- C:\Users\Daniel\Blatt05.pdf [2011.11.17 15:28:00 | 010,968,369 | ---- | C] () -- C:\Users\Daniel\proma-4.pdf [2011.11.16 11:51:49 | 001,204,056 | ---- | C] () -- C:\Users\Daniel\AS_Teil4.pdf [2011.11.16 11:23:55 | 000,369,979 | ---- | C] () -- C:\Users\Daniel\se31.pdf [2011.11.16 10:33:43 | 002,510,901 | ---- | C] () -- C:\Users\Daniel\ags_04.pdf [2011.11.13 11:07:24 | 000,169,295 | ---- | C] () -- C:\Users\Daniel\Blatt04.pdf [2011.11.13 10:57:32 | 000,102,933 | ---- | C] () -- C:\Users\Daniel\blatt_4.pdf [2011.11.11 22:36:08 | 000,092,685 | ---- | C] () -- C:\Users\Daniel\vereinbarung16.pdf [2011.11.09 15:27:45 | 002,189,657 | ---- | C] () -- C:\Users\Daniel\03-Projektverlauf.pdf [2011.11.09 15:27:36 | 001,770,343 | ---- | C] () -- C:\Users\Daniel\02-Gegenstand_von_SW-Projekten.pdf [2011.11.09 10:10:34 | 000,393,630 | ---- | C] () -- C:\Users\Daniel\uebungsblatt.pdf [2011.11.09 10:08:00 | 003,646,411 | ---- | C] () -- C:\Users\Daniel\proma-3.pdf [2011.11.09 10:06:32 | 002,254,743 | ---- | C] () -- 
C:\Users\Daniel\uebung.pdf [2011.11.07 15:35:35 | 012,243,067 | ---- | C] () -- C:\Users\Daniel\ags_03.pdf [2011.11.07 14:14:26 | 000,089,907 | ---- | C] () -- C:\Users\Daniel\blatt_3.pdf [2011.10.31 16:52:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011.10.23 10:24:43 | 000,000,680 | RHS- | C] () -- C:\Users\Daniel\ntuser.pol [2011.10.08 19:42:55 | 001,660,844 | ---- | C] () -- C:\Users\Daniel\ts3_recording_11_10_08_20_42_52.wav [2011.10.07 16:14:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.10.07 16:13:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.10.07 16:00:39 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.09.24 02:17:48 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011.09.23 21:15:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011.09.20 09:51:13 | 000,001,100 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat [2011.09.15 13:18:21 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.09.12 21:31:03 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2011.09.07 10:45:20 | 000,721,964 | ---- | C] () -- C:\Users\Daniel\ts3_recording_11_09_07_11_45_18.wav [2011.08.17 20:48:44 | 000,237,701 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.07.19 14:57:05 | 001,146,156 | ---- | C] () -- C:\Users\Daniel\ts3_recording_11_07_19_15_57_2.wav [2011.07.05 19:39:05 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys [2011.06.03 20:46:52 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.29 17:34:22 | 000,139,832 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.03.29 17:34:22 | 000,138,056 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys [2011.03.29 17:33:59 | 000,000,280 | ---- | C] () -- 
C:\Windows\game.ini [2011.03.20 14:12:30 | 000,281,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.03.20 14:12:28 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.03.05 23:33:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011.03.05 14:28:40 | 000,290,797 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\minecraft_name.jar [2011.03.05 14:28:40 | 000,232,501 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Minecraft.exe [2011.03.05 14:28:40 | 000,051,765 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Minecraft.jar [2011.03.05 14:28:40 | 000,000,133 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\zan.settings [2011.03.05 14:28:40 | 000,000,008 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\lastlogin [2011.02.11 17:48:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.15 18:42:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.01.15 13:11:57 | 000,028,160 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.14 21:51:07 | 000,002,032 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 
000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.02.08 15:20:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft [2011.10.14 10:34:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\2K Sports [2011.07.05 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AnvSoft [2012.12.20 17:06:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ashampoo [2012.02.25 21:34:46 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Babylon [2012.02.12 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BigHugeEngine [2011.01.17 14:34:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\bin [2011.07.25 14:23:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Chirurgie Simulation [2011.10.17 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Clonk [2011.10.17 15:01:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Clonk Rage [2011.01.15 16:53:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite [2012.12.27 17:43:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Pro [2011.06.16 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DeepBurner [2013.01.14 10:56:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox [2011.09.13 15:35:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft [2011.01.17 14:36:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.11 19:22:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Free Download Manager [2011.08.19 09:47:32 | 000,000,000 | ---D | M] 
-- C:\Users\Daniel\AppData\Roaming\GameRanger [2012.04.04 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo [2011.11.13 15:05:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ghc [2013.01.14 10:53:10 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\go [2012.09.20 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ [2011.01.15 17:10:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2011.01.17 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Local [2011.02.08 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient [2012.05.24 10:14:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient2 [2011.01.31 14:21:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ManyCam [2011.01.17 14:34:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\minecraft_name_src [2011.02.07 16:04:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\NeatImage SL [2011.01.15 15:27:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Octoshape [2011.01.20 14:53:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org [2011.06.18 20:42:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Opera [2012.08.09 10:48:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Origin [2011.03.12 10:47:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PACE Anti-Piracy [2011.08.31 16:32:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Publish Providers [2011.03.20 14:12:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PunkBuster [2011.01.17 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\resources [2011.08.31 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Rovio [2011.01.17 14:34:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\saves [2012.07.23 15:19:59 | 
000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\six-updater [2012.07.23 15:19:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\six-zsync [2011.05.04 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Softpark [2011.08.31 16:32:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Sony [2012.04.03 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SplitMediaLabs [2013.01.04 21:59:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Spotify [2011.04.16 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\StreamTorrent [2012.08.27 12:40:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\temp [2011.01.03 16:32:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\texturepacks [2011.05.23 08:15:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\The Creative Assembly [2011.06.28 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird [2012.01.04 15:18:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Trine2 [2012.06.23 10:05:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client [2011.12.29 19:41:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tunngle [2011.07.03 19:05:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2012.01.06 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft [2011.03.12 10:51:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Unity [2011.09.30 10:50:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Updates [2012.07.23 14:31:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\X-Chat 2 [2012.02.10 14:36:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\XMedia Recode [2012.07.15 10:14:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\yWorks [2011.10.27 19:27:08 | 000,000,000 | ---D 
| M] -- C:\Users\Uni\AppData\Roaming\ICQ [2011.10.26 12:09:42 | 000,000,000 | ---D | M] -- C:\Users\Uni\AppData\Roaming\OpenOffice.org [2011.10.23 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Uni\AppData\Roaming\Opera ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C8B8CEBD < End of report >

Unfortunately I had to abort GMER, and it is too long to post, but it is in the attachment.

Regards, MoNeY