
Log analysis and evaluation: Taskmgr.exe and Regedit.exe were disabled by the administrator.

29.04.2013, 20:45   #1
DerAmpelmeis

The following:

I wanted to start Taskmgr (with the three-key shortcut "Ctrl+Shift+Esc"), but it did not start, so I tried again with Ctrl+Alt+Del, and the "Task Manager" entry was not shown (that is, the button to start it). Then I tried it via CMD and got the following message:

Der Task-Manager wurde durch den Administrator deaktiviert.

So I thought something was wrong and figured my EXEs had been "hijacked", so I ran a file I had created earlier that contains the following (it is a .reg file with this content):

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):


But then this message appeared:

Das Bearbeiten der Registrierung wurde durch den Administrator deaktiviert.

I then asked around and HijackThis was suggested, so I ran a scan and got this result:
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:30, on 29.04.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Users\***\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe
C:\Users\***\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ExpressFiles\EFupdater.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\WinArchiver\WAHELPER.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\***\Desktop\HijackThis.exe
C:\Users\***\Desktop\***\SecurityTaskManager_Setup.exe
C:\Users\***\Desktop\HijackThis.exe
C:\Users\***\AppData\Local\Temp\WZSE0.TMP\setup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Softonic-de Toolbar - {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll
R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll
R3 - URLSearchHook: BrotherSoft Extreme  Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll
R3 - URLSearchHook: InnoGames Toolbar - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll
R3 - URLSearchHook: express-files Toolbar - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll
O2 - BHO: Winload - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll
O2 - BHO: DealScout - {467013BB-D67E-45BE-A7D7-C29E3CCA8AAD} - C:\Program Files (x86)\DealScout\dealscout.dll
O2 - BHO: BrotherSoft Extreme  - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
O2 - BHO: Softonic-de - {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: express-files - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Results Toolbar - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: InnoGames - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll
O2 - BHO: Yolobar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\yolobartb\yolobarDx.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
O2 - BHO: icqBHO - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll
O3 - Toolbar: Softonic-de Toolbar - {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll
O3 - Toolbar: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll
O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll
O3 - Toolbar: Hyperionics DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
O3 - Toolbar: BrotherSoft Extreme  Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: InnoGames Toolbar - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll
O3 - Toolbar: express-files Toolbar - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll
O3 - Toolbar: Search Results Toolbar - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll
O3 - Toolbar: Yolobar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\yolobartb\yolobarDx.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WAHELPER.EXE] "C:\Program Files (x86)\WinArchiver\WAHELPER.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Phrozen Mon_KP] "C:\Users\***\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe" /h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-694020154-2073930874-1152709320-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-694020154-2073930874-1152709320-1010\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: tbhcn.lnk = ***\AppData\Roaming\BrowserCompanion\tbhcn.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Casino Action - Š - C:\Microgaming\Casino\CasinoAction\casinogame.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WinArchiver Service - Unknown owner - C:\Program Files (x86)\WinArchiver\WAService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yontoo Desktop Updater - Unknown owner - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (file missing)

--
End of file - 22610 bytes
         
--- --- ---
(I don't know what to make of that)

I also ran a complete system scan (Symantec Norton), but nothing came of that either.

The program MBAM was also recommended to me, but since I somehow can't manage to download it (I can't find the download link), I don't know what to do now and need help.

Thanks in advance.

Regards, DerAmpelmeis

29.04.2013, 21:03   #2
aharonov
/// TB trainer

Hi,

Quote:
(I don't know what to make of that)
Neither do I..
HijackThis is useless on your 64-bit Windows. Please do this instead:
If you want your computer examined for malware, please work through these instructions and post the corresponding log files.

29.04.2013, 21:10   #3
DerAmpelmeis

Should I just put them below here, or create a separate thread for them? (or edit this one)

29.04.2013, 21:12   #4
aharonov
/// TB trainer

Just post the logs all together here in your next reply in this thread once you have completed all the steps.
__________________
cheers,
Leo

30.04.2013, 14:51   #5
DerAmpelmeis

All the required files are in here:

Attachment 53765


30.04.2013, 15:23   #6
aharonov
/// TB trainer

Could you please not attach the log files (that makes the evaluation massively harder for me), but instead paste their content directly inside code tags: [code]log file content[/code].
Thanks.

30.04.2013, 15:31   #7
DerAmpelmeis

OTL:

Code:
OTL logfile created on: 29.04.2013 21:55:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 41,27% Memory free
7,73 Gb Paging File | 5,24 Gb Available in Paging File | 67,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,02 Gb Total Space | 338,06 Gb Free Space | 36,63% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.29 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.04.29 19:00:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HijackThis.exe
PRC - [2013.04.25 18:47:26 | 000,200,952 | ---- | M] (hxxp://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe
PRC - [2013.04.16 09:51:12 | 000,202,264 | ---- | M] () -- C:\Program Files (x86)\WinArchiver\WAService.exe
PRC - [2013.04.16 09:51:10 | 000,480,792 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\WinArchiver\WAHELPER.EXE
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.04.03 06:57:20 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.03.24 18:34:11 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013.03.06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.23 20:16:58 | 001,297,728 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013.02.23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe
PRC - [2012.06.28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
PRC - [2011.10.25 15:52:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.02 13:15:02 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.19 04:00:32 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.19 04:00:28 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.04.03 06:57:20 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013.02.14 01:13:20 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.14 01:12:55 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 20:23:54 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013.01.10 20:23:54 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013.01.09 20:46:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 20:45:30 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 20:45:15 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 20:45:07 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 20:45:00 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 20:44:55 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 20:44:25 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.04.16 09:51:12 | 000,202,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WinArchiver\WAService.exe -- (WinArchiver Service)
SRV - [2013.04.12 13:45:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.25 20:59:56 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.03.13 19:52:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012.04.19 22:23:38 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.25 15:52:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.19 04:00:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.19 04:00:28 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.11.06 22:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.16 09:51:14 | 000,140,184 | ---- | M] (Power Software Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\waemu.sys -- (waemu)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.05 21:11:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.28 13:18:18 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.07 19:04:33 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2012.02.01 03:31:00 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011.03.21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011.03.21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.30 15:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009.06.23 09:38:20 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.11.06 22:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2006.08.27 09:59:12 | 000,031,744 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV - [2013.04.13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.02.16 17:52:27 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130429.004\ex64.sys -- (NAVEX15)
DRV - [2013.02.16 17:52:27 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.02.16 17:52:27 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130429.004\eng64.sys -- (NAVENG)
DRV - [2013.01.19 15:03:03 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.09.01 02:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130426.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.02.03 00:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2011.03.21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{83E494DD-FE42-4181-BB47-AC5D274584D7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8B8F841D-FD9F-446C-B2C0-F7D848F86F9C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {8B8F841D-FD9F-446C-B2C0-F7D848F86F9C}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114170&tt=3412_7&babsrc=SP_iclro&mntrId=58116d7f00000000000000ffc87041b5
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{8B8F841D-FD9F-446C-B2C0-F7D848F86F9C}: "URL" = hxxp://www.bing.com/search?FORM=MNMTDF&PC=MANM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9F3CE6DD-69A6-4470-8115-321F3EAF8250}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=4035421714594355&p2=^A9T^YYYYYY^YY^DE&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2682599&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: %7B26DDE423-F085-4b2d-893B-BF98C9FAD0CF%7D:1.4
FF - prefs.js..extensions.enabledAddons: info%40convert2mp3.net:2.2
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7BC3949AC2-4B17-43ee-B4F1-D26B9D42404D%7D:15.0.5
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: iobit%40mybrowserbar.com:7.0
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2
FF - prefs.js..extensions.enabledAddons: %7Bc7478d43-2bd5-4844-98b8-c2a6aa9ed677%7D:10.15.2.523
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.19 13:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.07.28 13:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.04.29 18:44:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.11 19:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.03.24 18:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.03.24 18:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:45:07 | 000,000,000 | ---D | M]
 
[2012.07.29 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.26 20:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions
[2012.12.18 15:31:48 | 000,000,000 | ---D | M] (Online video Converter) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{26DDE423-F085-4b2d-893B-BF98C9FAD0CF}
[2013.04.19 12:22:54 | 000,000,000 | ---D | M] (InnoGames) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2013.03.24 18:43:19 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2013.03.24 18:42:50 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\plugin@yontoo.com
[2013.02.21 13:35:43 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\exif_viewer@mozilla.doslash.org.xpi
[2013.01.20 14:26:26 | 000,043,066 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\info@convert2mp3.net.xpi
[2013.04.26 20:01:10 | 000,658,566 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
[2013.04.16 19:33:53 | 000,382,710 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\jid1-aPwS0JCl36iLkQ@jetpack.xpi
[2013.04.15 14:48:01 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.03.24 18:39:40 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.14 16:21:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.21 13:10:15 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.02.28 19:06:02 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.04.14 12:11:31 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.06 14:17:28 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT TOOLBAR\FF
[2012.07.11 19:28:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013.03.24 18:35:18 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.04.12 13:45:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2013.03.24 18:34:22 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.28 14:04:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.10 17:12:26 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
[2012.08.23 12:46:28 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 17:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.28 14:04:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.28 14:04:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.30 23:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
[2012.07.29 12:07:18 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.02.28 14:04:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.28 14:04:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Plus! Network (Enabled)
CHR - default_search_provider: search_url = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: AppUp (Enabled) = C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\***\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IClaro = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\
CHR - Extension: DealPly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: RealDownloader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: express-files = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh\2.3.4.2_0\
CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: PricePeep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.355.0_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Norton Identity Protection = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: BrotherSoft Extreme = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\
CHR - Extension: Winload = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\2.0.1.4_0\
CHR - Extension: ICQ Sparberater = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.2.662_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IClaro = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\
CHR - Extension: DealPly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: RealDownloader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: express-files = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh\2.3.4.2_0\
CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: PricePeep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.355.0_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Norton Identity Protection = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: BrotherSoft Extreme = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\
CHR - Extension: Winload = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\2.0.1.4_0\
CHR - Extension: ICQ Sparberater = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.2.662_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (DealScout) - {467013BB-D67E-45BE-A7D7-C29E3CCA8AAD} - C:\Program Files (x86)\DealScout\dealscout.dll (DealScout)
O2 - BHO: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Softonic-de Toolbar) - {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (express-files Toolbar) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll (Conduit Ltd.)
O2 - BHO: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.)
O2 - BHO: (Yolobar) - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\yolobartb\yolobarDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-de Toolbar) - {6b9c3e37-fcbd-4834-a71a-fa45c106a001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (express-files Toolbar) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yolobar) - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\yolobartb\yolobarDx.dll ()
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-de Toolbar) - {6B9C3E37-FCBD-4834-A71A-FA45C106A001} - C:\Program Files (x86)\Softonic-de\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (InnoGames Toolbar) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - C:\Program Files (x86)\InnoGames\prxtbInno.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WAHELPER.EXE] C:\Program Files (x86)\WinArchiver\WAHELPER.EXE (Power Software Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Phrozen Mon_KP] "C:\Users\***\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe" /h File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACC33D24-B72F-4CE3-B4FE-3ECF51F39C7C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.29 21:51:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.29 19:08:21 | 003,980,324 | ---- | C] (Phrozen ® Software 2012.                                    ) -- C:\Users\***\Desktop\PhrozenKeyloggerLite1-0R2_setup.exe
[2013.04.29 19:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.04.29 19:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.04.29 19:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.04.29 19:00:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HijackThis.exe
[2013.04.28 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PhrozenSoft
[2013.04.28 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite
[2013.04.28 11:01:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.04.27 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.25 13:11:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix5
[2013.04.24 19:18:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Info
[2013.04.24 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix4
[2013.04.24 15:28:10 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix3
[2013.04.24 14:22:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDustepMix2
[2013.04.24 14:00:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix
[2013.04.22 18:48:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Skrillex
[2013.04.20 16:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2013.04.20 16:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2013.04.20 16:03:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner (2)
[2013.04.20 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinArchiver
[2013.04.20 15:50:23 | 000,140,184 | ---- | C] (Power Software Ltd) -- C:\windows\SysNative\drivers\waemu.sys
[2013.04.20 15:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinArchiver
[2013.04.20 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinArchiver
[2013.04.13 09:26:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wifite
[2013.04.12 13:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.08 19:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.07 21:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2013.04.07 16:07:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.terasology
[2013.04.06 16:35:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer
[2013.04.06 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Firefox Portable v.23
[2013.04.03 03:59:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Counter-Strike 1.6 - LAN
[2013.04.03 00:46:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Warcraft III
[2013.04.02 21:44:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DIE SIEDLER - DEdK
[2013.04.01 11:53:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\PSP
[9 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.29 21:54:17 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.29 21:53:00 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.04.29 21:52:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.29 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.29 21:50:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.04.29 21:16:08 | 000,001,146 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001UA.job
[2013.04.29 21:01:02 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.29 19:00:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HijackThis.exe
[2013.04.29 18:52:03 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 18:52:03 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 18:51:44 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.29 18:43:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.04.29 18:43:26 | 3113,865,216 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.29 18:16:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001Core.job
[2013.04.29 17:58:42 | 005,469,414 | ---- | M] () -- C:\Users\***\Desktop\teaser-for-an-anime-tradition-episode.jpg
[2013.04.28 17:29:48 | 000,000,456 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for ***.job
[2013.04.28 15:53:04 | 001,652,184 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.04.28 15:53:04 | 000,710,530 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.04.28 15:53:04 | 000,664,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.04.28 15:53:04 | 000,154,462 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.04.28 15:53:04 | 000,126,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.04.28 15:00:49 | 003,297,456 | ---- | M] () -- C:\Users\***\Desktop\RICHTER & SHOX - BEWEG DICH [HD OFFICIAL VIDEO] (LYRICS).mp3
[2013.04.26 21:45:53 | 004,143,039 | ---- | M] () -- C:\Users\***\Desktop\Wiz Khalifa - Let It Go feat. Akon NEW VIDEO 2013.mp3.mp3
[2013.04.25 18:47:28 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Express Files.lnk
[2013.04.25 13:09:49 | 012,897,560 | ---- | M] () -- C:\Users\***\Desktop\MyOwnDubstepMix5.mp3
[2013.04.24 21:12:53 | 003,062,561 | ---- | M] () -- C:\Users\***\Desktop\Kollegah - Mondfinsternis (Official HD Video).mp3
[2013.04.24 13:57:30 | 000,656,973 | ---- | M] () -- C:\Users\***\Desktop\173119.jpg
[2013.04.21 15:15:21 | 003,314,156 | ---- | M] () -- C:\Users\***\Desktop\AHMED - Du weißt-Kopffickerexclusive (Beat by DOPETONES and T-MAN).MP3
[2013.04.20 15:50:25 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\WinArchiver.lnk
[2013.04.17 21:24:07 | 003,107,702 | ---- | M] () -- C:\Users\***\Desktop\4tune - Splash Qualifikation 2013 (prod. by Hookbeats & Sadikbeatz).mp3
[2013.04.17 15:28:22 | 002,375,020 | ---- | M] () -- C:\Users\***\Desktop\DER ASIATE UND DIE REIMEBUDE JULIENSÖHNE (BACKSPIN TV EXCLUSIVE).mp3
[2013.04.16 09:51:14 | 000,140,184 | ---- | M] (Power Software Ltd) -- C:\windows\SysNative\drivers\waemu.sys
[2013.04.11 13:54:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013.04.11 12:27:32 | 000,271,064 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.04.09 21:10:55 | 000,260,956 | ---- | M] () -- C:\Users\***\Desktop\FPSBild.jpg
[2013.04.08 19:16:43 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2013.04.07 21:18:08 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk
[2013.04.07 14:44:19 | 000,001,460 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2013.04.05 21:57:47 | 180,398,760 | ---- | M] () -- C:\Users\***\Desktop\Best Dubstep mix 2012 (New Free Download Songs, 2 Hours, Complete playlist, High audio quality).MP3
[2013.04.05 20:32:26 | 002,389,648 | ---- | M] () -- C:\Users\***\Desktop\JBB 2013 - Chosen (Qualifikation).mp3
[2013.04.04 23:07:14 | 009,562,273 | ---- | M] () -- C:\Users\***\Desktop\06 - Exochrist.mp3
[2013.04.03 03:07:08 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013.04.03 03:07:08 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013.04.02 21:44:17 | 000,002,823 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk
[2013.04.02 21:44:17 | 000,002,823 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk
[2013.04.02 21:44:16 | 000,002,694 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk
[2013.04.02 15:34:35 | 003,056,711 | ---- | M] () -- C:\Users\***\Desktop\RICHTER - JULIAS BLOG [OFFICIAL VIDEO HD] 2013 (Juliensblog Diss).mp3
[2013.03.31 22:01:25 | 003,092,238 | ---- | M] () -- C:\Users\***\Desktop\JBB 2013 - Cashisclay (Qualifikation).mp3
[9 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.29 21:54:17 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.29 21:52:53 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.04.29 21:52:49 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.29 17:57:49 | 005,469,414 | ---- | C] () -- C:\Users\***\Desktop\teaser-for-an-anime-tradition-episode.jpg
[2013.04.28 15:00:40 | 003,297,456 | ---- | C] () -- C:\Users\***\Desktop\RICHTER & SHOX - BEWEG DICH [HD OFFICIAL VIDEO] (LYRICS).mp3
[2013.04.26 21:45:36 | 004,143,039 | ---- | C] () -- C:\Users\***\Desktop\Wiz Khalifa - Let It Go feat. Akon NEW VIDEO 2013.mp3.mp3
[2013.04.25 13:09:14 | 012,897,560 | ---- | C] () -- C:\Users\***\Desktop\MyOwnDubstepMix5.mp3
[2013.04.24 21:04:41 | 003,062,561 | ---- | C] () -- C:\Users\***\Desktop\Kollegah - Mondfinsternis (Official HD Video).mp3
[2013.04.24 13:57:28 | 000,656,973 | ---- | C] () -- C:\Users\***\Desktop\173119.jpg
[2013.04.21 15:14:49 | 003,314,156 | ---- | C] () -- C:\Users\***\Desktop\AHMED - Du weißt-Kopffickerexclusive (Beat by DOPETONES and T-MAN).MP3
[2013.04.20 19:37:16 | 006,410,985 | ---- | C] () -- C:\Users\***\Desktop\matryoshka.mp3
[2013.04.20 15:50:25 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\WinArchiver.lnk
[2013.04.17 21:23:54 | 003,107,702 | ---- | C] () -- C:\Users\***\Desktop\4tune - Splash Qualifikation 2013 (prod. by Hookbeats & Sadikbeatz).mp3
[2013.04.17 15:28:15 | 002,375,020 | ---- | C] () -- C:\Users\***\Desktop\DER ASIATE UND DIE REIMEBUDE JULIENSÖHNE (BACKSPIN TV EXCLUSIVE).mp3
[2013.04.11 13:54:55 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013.04.11 13:13:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.04.09 21:09:58 | 000,260,956 | ---- | C] () -- C:\Users\***\Desktop\FPSBild.jpg
[2013.04.08 19:16:43 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite
[2013.04.07 21:18:06 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk
[2013.04.07 14:44:19 | 000,001,460 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2013.04.06 14:25:28 | 009,562,273 | ---- | C] () -- C:\Users\***\Desktop\06 - Exochrist.mp3
[2013.04.05 20:55:40 | 180,398,760 | ---- | C] () -- C:\Users\***\Desktop\Best Dubstep mix 2012 (New Free Download Songs, 2 Hours, Complete playlist, High audio quality).MP3
[2013.04.05 20:32:19 | 002,389,648 | ---- | C] () -- C:\Users\***\Desktop\JBB 2013 - Chosen (Qualifikation).mp3
[2013.04.03 03:07:08 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013.04.03 03:07:08 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013.04.02 21:44:17 | 000,002,823 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk
[2013.04.02 21:44:16 | 000,002,823 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk
[2013.04.02 21:44:16 | 000,002,694 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk
[2013.04.02 15:34:27 | 003,056,711 | ---- | C] () -- C:\Users\***\Desktop\RICHTER - JULIAS BLOG [OFFICIAL VIDEO HD] 2013 (Juliensblog Diss).mp3
[2013.03.31 22:01:17 | 003,092,238 | ---- | C] () -- C:\Users\***\Desktop\JBB 2013 - Cashisclay (Qualifikation).mp3
[2013.02.19 20:25:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.01.07 16:53:22 | 000,000,350 | ---- | C] () -- C:\windows\doom3.ini
[2012.07.25 18:49:44 | 000,000,079 | ---- | C] () -- C:\windows\iPlayer.INI
[2012.07.18 19:13:57 | 000,008,704 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.08 21:29:06 | 000,002,180 | ---- | C] () -- C:\Users\***\.lmmsrc.xml
[2012.05.20 13:15:11 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\Access.dat
[2012.05.10 17:16:37 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012.04.23 18:10:36 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.03.13 18:39:29 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI
[2011.12.06 21:27:03 | 000,069,632 | R--- | C] () -- C:\windows\SysWow64\xmltok.dll
[2011.12.06 21:27:03 | 000,036,864 | R--- | C] () -- C:\windows\SysWow64\xmlparse.dll
[2011.11.07 18:44:14 | 000,000,095 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2011.10.27 17:16:58 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.10.25 15:52:37 | 000,111,928 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.10.25 15:52:30 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll
[2011.09.15 07:12:41 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{E7D498F8-7C09-4345-B848-23C9A1D8D55D}
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.02.18 19:14:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2003.06.26 15:22:54 | 000,033,196 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\Core.u
[2003.06.26 15:22:56 | 000,776,809 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\Echelon.u
[2003.06.26 15:22:58 | 000,034,699 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonCharacter.u
[2003.06.26 15:23:00 | 000,076,420 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonEffect.u
[2003.06.26 15:23:02 | 000,028,145 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonGameObject.u
[2003.06.26 15:23:04 | 000,095,881 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonHUD.u
[2003.06.26 15:23:06 | 000,342,081 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonIngredient.u
[2003.06.26 15:23:10 | 000,358,185 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonMenus.u
[2003.06.26 15:23:12 | 000,515,391 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\EchelonPattern.u
[2003.06.26 15:23:16 | 001,111,570 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\Engine.u
[2003.06.26 15:23:20 | 000,374,875 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-694020154-2073930874-1152709320-1001\$R0XBJPP\Ubi Soft\Splinter Cell\system\UWindow.u
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.29 18:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2013.04.07 16:07:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.terasology
[2013.04.28 15:00:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.07.28 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BANDISOFT
[2011.10.28 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations
[2013.04.29 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BrowserCompanion
[2011.06.23 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.socialbox.socialbox
[2012.01.14 15:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2013.01.07 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.12.21 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2012.09.16 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.03.23 21:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.10 12:17:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ExpressFiles
[2012.07.29 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeScreenToVideo
[2011.10.28 12:58:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.12.14 20:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.01.24 23:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HomebrewStore Downloader
[2012.08.23 12:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IClaro
[2012.04.18 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.11.03 17:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ijjigame
[2011.10.09 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.06.01 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2011.10.28 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.11.06 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2013.04.11 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer
[2013.03.07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.10.07 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2012.06.13 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2012.01.04 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.06.13 18:07:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2013.03.17 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.07.19 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2013.03.09 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.09.12 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2013.04.28 11:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhrozenSoft
[2011.02.17 12:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PriceGong
[2013.04.24 21:37:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2013.02.16 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz
[2011.12.20 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz Help
[2013.02.25 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia
[2013.01.21 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.10.10 19:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TechSmith
[2011.10.19 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2011.04.14 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2013.04.22 15:21:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.05.20 13:15:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle
[2012.01.24 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net
[2013.04.20 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinArchiver
[2012.08.29 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.10.10 17:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark
[2012.02.07 19:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XLink Kai
[2013.04.25 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.07.26 20:02:10 | 000,000,000 | ---D | M](C:\windows\SysWow64\????sers) -- C:\windows\SysWow64\œ粠œsers
[2012.07.26 20:02:10 | 000,000,000 | ---D | C](C:\windows\SysWow64\????sers) -- C:\windows\SysWow64\œ粠œsers

< End of report >
         

30.04.2013, 15:32   #8
DerAmpelmeis

Taskmgr.exe and Regedit.exe were disabled by the administrator.



OTL Extras:

Code:
OTL Extras logfile created on: 29.04.2013 21:55:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 41,27% Memory free
7,73 Gb Paging File | 5,24 Gb Available in Paging File | 67,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,02 Gb Total Space | 338,06 Gb Free Space | 36,63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1486A2D0-2B52-43E6-BCDF-49DD4F5DD02C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{189E2349-0A18-4AB9-AA12-835A1855A41D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{20F8563F-A9BA-4DC8-99DE-4420B3BD37EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28FBE8BC-1DE8-4695-9B85-824D37F359D1}" = lport=51911 | protocol=6 | dir=in | name=akamai netsession interface | 
"{296EDC4F-D1FD-4015-8D4C-F45F3AA0EF94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2DB457DF-CFBB-44DF-B95F-FC4372444512}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43CEA626-AE0C-4EAD-B55F-C3AD01F50EEA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44F9611C-40E3-4843-AE49-63907AB3ECFD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5ACA731B-307C-4899-A100-7121B9F260FE}" = lport=8303 | protocol=6 | dir=in | name=teeworlds | 
"{5C96D933-1716-447F-91BC-C9AE043623EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6610E461-820E-4BE0-A224-5618291B2DBC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{669A6EC7-38F8-4041-A793-AB31154C6892}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6D429A5F-EA8B-420F-8EDF-047D0E227710}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{81B22D71-CE2B-463F-9BCD-F6B3F57A29D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83E1A74F-D40D-4870-9888-B8CB69053287}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{84F1949E-C3A6-4A47-B363-1C95C81BDB58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8586ACC9-47F2-4274-958D-923AE4E5AA5A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{887E82EC-101E-49FD-BB68-4C97FF71E089}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8B092DC8-5E3D-4C32-99D5-BE78B2292D03}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8B678962-B870-4813-9A4B-908BC13ABEEB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8F41AAE7-6E59-4C37-BC03-2D3F0559DEE4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{937F225E-CEDC-43A0-96D0-086AC9804573}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A9788FEA-989F-4A95-B481-C4C6E369B453}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B64EAF8D-9CBC-4EC4-8FEE-19F7D30CA193}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BAFD2635-E23E-4DAC-8A0A-D3BA80EEC7EF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C45B36A4-3A98-42EA-B15A-1CA14DDC6F35}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C4F1E3BF-633A-478C-8AA2-0B7C9BA774AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C6651CFB-55E3-4B55-92C2-61432509F332}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8C4BE30-CD5C-4483-B208-501DE875999F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6C121A7-458F-4678-98D2-B2881954A363}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D9C257CE-5453-4F1A-9E29-F2CF702E4767}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD7EE9EE-5AD5-48F1-BF78-C223B405BAA7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EBCEAF88-2527-42CD-BFB2-B2E9EB8B0CC6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F2FD2627-3372-406D-A0CC-BCF1543AE741}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3194466-5EE9-4867-9FFB-6D03B4D7E9F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC59DAFB-F833-4FC3-A5CF-D233708BAF41}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F0868A-56D8-4EF7-8F89-69F0E23CC7E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{055BBB1E-0877-44B6-BE15-670F7D48805B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{070E1E53-4871-4E9A-B1A0-0CE34250DAD9}" = protocol=6 | dir=in | app=c:\program files (x86)\yolobartb\dtuser.exe | 
"{0978956F-BD09-459F-89C9-DA90DB597EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | 
"{098672D3-AF05-484A-A51E-7A8C24C04F16}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{0B58595D-58CF-4479-84EC-02E4338E6819}" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"{0D2F483E-48D9-402E-9D74-6BDA7003F4DE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{0EA79902-BE6D-4805-B529-B0A638F65009}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{1470DACA-CCD4-47B9-A78E-1BDB91358B3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1619AA2D-6A1F-427F-9695-C969E88F2BED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A9CB1D3-F50E-4EEE-A482-72F0D7418670}" = protocol=17 | dir=in | app=c:\ut2003\system\ut2003.exe | 
"{1B30CCF7-BD2A-4046-A887-2B7F88AD417A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{1BA0C272-4D7F-4CB7-A153-3B951C64DE77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1C2DAB8C-95B7-4A4F-AB12-43395F6AA2B6}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{1D1CDC34-8CA7-423D-8D11-3C502CCC1639}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe | 
"{267C269A-2FC4-48FB-85C7-717809EEC949}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{26D4C3B8-1EF3-4C73-8370-23F02FD0F255}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{2CB6146B-168B-4A0C-B7F2-BA714DD74112}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{2CF72FE3-251F-4456-93A9-D869AB90A02A}" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"{2F2DF737-F297-4AF4-8915-4B61749E42C6}" = protocol=17 | dir=in | app=c:\program files (x86)\searchresults1\dtuser.exe | 
"{3335D362-FB8A-4949-909F-9023EB95D592}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{342D0EBC-0FD4-46A3-9F1B-CE87F765C649}" = protocol=58 | dir=in | app=system | 
"{3AC13AF7-30B4-4E37-B4F9-E6B038F3EF4A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{3AC2F0DB-EFD8-4100-8ED1-A1C11E2BF994}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{3C3C8A67-8A95-4C09-81D4-A7BA49C5142A}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{3C6EFE4B-539D-4BAE-9FFF-571170EC64CD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{3D600BC7-FD24-4F76-A713-B7F1BD04B2CE}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{3ED1824A-1484-4842-A7E4-93BF76D79F9B}" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe | 
"{3F07F0E7-6F49-446B-9234-CC3678640770}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{44473C79-49E5-4595-8F4E-543A19CFFE23}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{446A0556-C1C8-419E-9FA4-E05302D8A740}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{44B742C4-B047-49D8-B3F3-ABA48B7AF87D}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{44FB910F-9BC9-41B7-A731-61657E867459}" = protocol=6 | dir=out | app=system | 
"{45F5DC92-CBA3-4467-A61A-18EF9F690343}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{460921F4-75F0-40B6-A5F0-8750C9926E88}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
"{46AB5A82-4588-405A-9DDE-4BB4D087FA6D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{46E40890-0C53-4843-8342-3A120D1D2E09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{48E38484-8700-4492-B3FA-26F1CB5A7C45}" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe | 
"{4994DD01-D25E-4339-A6DF-521A2006F36B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{4A6D2F75-5BD7-43B4-831D-C90322365B9B}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{4A9E2CF3-1C15-432D-8CCB-BCF6BB19EFA1}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{4AAAB31C-FA8B-4C2B-AE8E-3FB459FD6041}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4D8EDF21-3EF6-487D-9F6C-30461297DEC6}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{4F3B3071-CF6B-47C7-93E0-90BF32567FEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5026DB92-5104-431E-93BC-03DC112F6725}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{531C7111-AB87-47DF-874C-EF8046D7CC84}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{5743F487-EB0C-4355-8C91-9726F6DD4D10}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs26c7\hpdiagnosticcoreui.exe | 
"{58622BE3-03EA-492D-A007-C5A79F030D69}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{5C910534-58F3-4550-9DF2-9FCA29754D8E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{5D4F290B-EC7C-4DDC-89F9-3D05206CC7F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5D826675-C678-42C0-AF3B-E938EBE36E79}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{60A977FB-C241-459F-9546-FD2B06310040}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | 
"{60DD1E2C-F626-49B0-90D9-15736FAF1287}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{63475F2C-8343-4C9E-BE90-F60FD1CD1557}" = protocol=17 | dir=in | name=zocken | 
"{642B1889-49C8-40CF-97EE-089AF8A0C813}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{64869499-562A-4C91-BF40-76344349FD70}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | 
"{6512BC90-4D56-410E-A8E8-2D7B759A5CCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{656298B3-9AB7-4CF6-94E4-40983003D307}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{664DB5AF-3701-497C-8414-5898AFFFBDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{6773FEB2-47DC-4881-9E09-58419FEF8D69}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{6779C479-E9F3-4B34-B264-EB606FBA48BA}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{67CBAD91-EA01-4B71-AD52-B4A8C086C2F9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6B33B6D2-5750-4548-A41F-8EEAB0F92EAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{6CE2A79B-D974-4CCD-837D-79E337DBDB07}" = protocol=6 | dir=in | app=c:\ut2003\system\ut2003.exe | 
"{6D9C795C-1172-4446-9647-0E57950C8F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{6F4A272E-4BB9-41CB-89AD-D4AA103C9289}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{728E0042-26F1-4788-8F2D-90AC4A2D5A63}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{732B1900-88F2-4BFD-906F-B8BD0F8D6FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{7472B5E3-2479-4759-9230-BDF10F553B60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{75B52D6A-CF00-4114-A2CA-8F60908AB3B6}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{7642931F-6BDA-42A5-AF9E-67F1E0B772FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7A7F6B6D-FBEB-4F22-9578-430E09305CDA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{7C5ACC92-B5BB-4626-8897-CB77E0605C48}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{7E618E26-7CEE-40A1-9762-0F0DE9F90309}" = protocol=6 | dir=in | app=c:\program files (x86)\searchresults1\dtuser.exe | 
"{7F9468F3-60DD-46FC-90B2-84A9ECF67A41}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe | 
"{804BB11D-FD6C-4A70-AD77-7B30F222AF27}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{818390E4-7510-4086-BA12-BCE1E4D0445E}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{81E1A3B9-DCC2-4DA2-91A7-49681EDDA031}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{84887386-AACC-4D50-BB28-888F42E57DFF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{86395B01-602A-40D0-999E-9DA6BEB71E65}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | 
"{87AE9004-1EE3-44E2-8BA5-F7C31579BC41}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{8964F503-B02A-4F32-B621-B6CF43AAE595}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"{89AC2EA1-7A52-47BC-9BB2-B93213521E0D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{89DCEE35-DEE1-40E9-BA7A-9A52CC5E6499}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{8CBB9FF0-FAED-452F-9DCC-0B17B638C40C}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"{8D623C7F-EADB-4CA2-B361-A68E7D5F0B17}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8FFF90E9-A2CC-42AB-8E00-9CECB70A58B6}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{91CE6831-FF4D-40E1-BEAD-1BE12936A9C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{923F8F2A-46E6-4770-B1F9-DDC91B90D8B2}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{960C7B31-CBD1-4DF4-8685-E31C2605E8BF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{971CBD72-9BEB-4A1A-9C8C-7119C453D17B}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{97B9E976-843D-4472-AF62-92BECF808665}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{997E4B4B-E179-4454-9BDD-0385E1A84013}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{9C3C13B9-8A22-485D-A482-69D386E8C3D9}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{9E8266B1-D7CE-4AA3-B724-4CB9B86D6F43}" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe | 
"{A02DEF4C-2BA9-4293-AE46-1892E255B0DC}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{A37B4E2B-BF49-4E02-B780-648E756B3E64}" = protocol=6 | dir=in | app=c:\users\***\desktop\psp downloads\fraps_3.2.7_cracked.rar_downloader_224.exe | 
"{A456435A-94B5-4330-AC73-4D6034632BA3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A565DA8B-4F3D-4F28-96F2-B5CA9106C157}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{A5A33D80-BA89-4D27-A928-CBD77E661CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\yolobartb\dtuser.exe | 
"{A5C68652-EC70-40C2-BE1D-EEB4BC7109AA}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{A8B21A0B-A405-437C-B3C8-E291AAA56553}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{AA14F258-8ED4-4FB0-ADA7-23EC5E527148}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{AAA914B5-D73F-43C0-9BEF-FD7B68CB74B6}" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\remoterserver.exe | 
"{AAC39919-C4B7-484C-AF63-DB35EB74F6F8}" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\remoterserver.exe | 
"{AB52B01C-8BF9-4B72-BC3C-E0EEE6B715BD}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{AC7702F9-65E4-4AFA-A867-899B0634EDD1}" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe | 
"{AD90095D-6DBC-4CDC-9DF9-43E6A5309B5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{B0440CB9-DB97-405D-9FA4-2EAF34179D62}" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe | 
"{B08C8F4F-DDCD-429E-A1B0-6BD3AF969D70}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{B0F471E7-CD73-4705-B43B-6CD8D5B0D63C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B226CFA3-2547-44B3-9678-AA8D66B5558A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B3CFACE5-B0E6-4531-980D-CEFDF81B15FC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
"{B7B9E744-9317-4E7E-BF96-F1E87B6F2A5D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{B92C74A5-9344-4781-810E-71506E0D27AE}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{BDA00DBC-6FC2-4A14-80A1-60240941754B}" = protocol=6 | dir=in | name=zocken | 
"{BEFEDCAF-DF10-4F3B-AD71-56AD58F1C512}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{BF263C51-4BE7-4D99-AEDC-1AB9AAF8CD43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0F3F689-53CC-47D4-8F77-50EEB8DEFBBE}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{C208C86C-2CB4-421B-B3C7-BB622EBAD422}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C3973B12-1542-4ABD-A069-14044E7EFE2B}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{C6C031B7-F767-4931-99AA-D2626FE8BE7E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{C7E3B2D6-E253-42AB-B558-8CA3AA164A63}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{CC7EB5AA-9984-4A34-8484-426A1B30B990}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{CCBB237C-067D-4B12-8189-D15E94F6F249}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"{D0DBA80F-8D3A-4555-B369-E56516C7E7B3}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{D1AEE8BC-DCEE-4FE9-A971-9E72DF162063}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D31A0FED-5493-4E14-81F3-43D8B1500CD0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D6A8DC79-29C3-4C04-AB56-BA10F0354852}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{D6BA0273-0BE8-481B-9423-00CEA01AADA2}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{D80196B7-DDE2-486F-BF5D-CECEA574F4A9}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"{DA6C1B43-41B5-47E5-8E9E-2C5E6DE40CB8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DAC73158-056B-49FA-90D5-009DCC670914}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{DE5320F3-2B7D-4D39-A91A-BDACD09AA1F3}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{DEFCBB80-8AE6-4A15-9771-409F8B8663FE}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{E07BF2AE-3F15-4C47-ACFC-5919F03FD7EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E0C589FC-6489-4426-97FD-82BDE0A93F67}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{E243B444-1728-4E9C-B1BC-00EE24A6D3B4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{E62B2C2B-8388-43BE-8B14-8532D678B80F}" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe | 
"{E6A0CE8A-6EFD-4C57-AC0D-B548CC3DB923}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{ECFD596E-A397-458E-B6D6-C3E19CB6F582}" = protocol=17 | dir=in | app=c:\users\***\desktop\psp downloads\fraps_3.2.7_cracked.rar_downloader_224.exe | 
"{EE673B7B-4ED7-4A8C-AD04-40B197BBC920}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs26c7\hpdiagnosticcoreui.exe | 
"{F00E0BC6-30DC-49DD-BFF9-52DB4D34DDE2}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{F242B751-402C-4F51-8AA3-F1519D080566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2EE4689-1DE7-4163-9E76-661C96B90D60}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{F5900B3D-A93F-4885-A237-36E9625215CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{F817A408-C350-4601-9CF7-93F1EA37A40F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{FB12187C-5E61-4870-B30E-CF60C9C36222}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FB340566-F69C-4795-BE6F-2AEAB4346B9C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{FBCE5C6A-495E-439C-97FE-CFC71F72E757}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{FE15255F-2CB1-4848-A225-025C9A31DCFA}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{FF2FE898-F5DF-4455-9E08-D0612284A06D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{037F3810-97AC-4D09-9146-E900E16472B5}C:\program files (x86)\EA GAMES\MOHAA\MOHAA.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mohaa\mohaa.exe | 
"TCP Query User{0F47986B-7D53-454E-A08E-BEECE4C7DEF0}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{11B5460D-13A6-46CB-B5DB-13CEE44476A3}C:\users\***\desktop\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"TCP Query User{15C2930D-DBC1-46FB-AD13-DD0B7889C54E}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"TCP Query User{181B06D7-652D-4919-A812-A993B16FA4EC}C:\users\***\desktop\ds lan\dslan_v1.4\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\ds lan\dslan_v1.4\apache\bin\apache.exe | 
"TCP Query User{1B66A262-0063-44F8-AE01-4A19BF6B5570}C:\users\***\desktop\donatello\ds lan\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\ds lan\dslan_v1.4\mysql\bin\mysqld.exe | 
"TCP Query User{3FAB9B30-D46F-447C-ADFB-9C31A52EABF1}C:\program files (x86)\nokia\phoenix\phoenix.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\phoenix\phoenix.exe | 
"TCP Query User{42E9657A-BCC2-42E4-BD45-187F094203F2}C:\program files (x86)\firefly studios\stronghold\stronghold.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"TCP Query User{4954E624-AD16-4C6B-A24C-6541F862AA8D}C:\users\***\desktop\donatello\ds lan\dslan_v1.4\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\ds lan\dslan_v1.4\apache\bin\apache.exe | 
"TCP Query User{54639BA4-701E-4D86-9879-A0717856EA5E}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{5F41DED8-091F-4E45-B71F-8CB4457E8670}C:\users\***\desktop\teeworlds 0.6.1\teeworlds_srv_race.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\teeworlds 0.6.1\teeworlds_srv_race.exe | 
"TCP Query User{62B7108A-D17A-418D-A347-22CC166EBBCB}C:\program files (x86)\umair cheema\wificheema server\wificheema.exe" = protocol=6 | dir=in | app=c:\program files (x86)\umair cheema\wificheema server\wificheema.exe | 
"TCP Query User{64C95A7C-43F1-4EC9-ABDC-E54A6753469D}C:\users\***\desktop\donatello\remoterserver.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\remoterserver.exe | 
"TCP Query User{6DFCF6C4-56DC-4C7C-85AC-563F55F2FAB5}C:\ijji\english\ava\binaries\ava.exe" = protocol=6 | dir=in | app=c:\ijji\english\ava\binaries\ava.exe | 
"TCP Query User{6E424A66-ED67-4323-B7A7-7F278C789A0E}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
"TCP Query User{6F37CA64-AB55-43FA-99DA-7E58FCF741D2}C:\users\***\desktop\dslan_v1.4\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\dslan_v1.4\apache\bin\apache.exe | 
"TCP Query User{707C433C-9C49-4D94-B0D0-2611043011B1}C:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe | 
"TCP Query User{72FD2108-7921-429B-A50D-ED8DC8966952}C:\program files (x86)\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"TCP Query User{792F3C80-2E39-4D33-A32F-4565ABEDFB06}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{7C7BC321-5B48-4E4B-B728-104FA3800683}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe | 
"TCP Query User{8680A18E-8D5B-45D5-9655-E954A7F15274}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{9161A1FC-4EE1-4A0A-9B94-9E2F38632360}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe | 
"TCP Query User{93DA27B2-ACAE-43FC-B0AD-B8F067B5B1E3}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{9481DBAD-97B9-4BBE-8A88-1BFDBAD353F5}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"TCP Query User{9FA7B12F-E4DF-4541-8624-C8FC488C0102}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe | 
"TCP Query User{A2AB8B44-42EE-4A1F-94FF-8D823EF1BE24}C:\program files (x86)\activision\blur(tm)\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe | 
"TCP Query User{A50726DE-B94B-4616-994C-059E33CB3A86}C:\users\***\desktop\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\dslan_v1.4\mysql\bin\mysqld.exe | 
"TCP Query User{A76DCD6F-276B-4447-B358-DD738DB7FC7C}C:\program files (x86)\common files\nokia\fuse\fuse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuse.exe | 
"TCP Query User{A8CC5452-0A4C-41FC-A2B7-0015C33A8F2E}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuseservice.exe | 
"TCP Query User{AD54D6AC-FEB3-405A-B384-58912983A6E0}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"TCP Query User{BA0E8641-E5D0-4410-9504-22BA9D183379}C:\ut2003\system\ut2003.exe" = protocol=6 | dir=in | app=c:\ut2003\system\ut2003.exe | 
"TCP Query User{C4E3A0CD-110D-464F-84DA-C05F828CE10E}C:\users\***\desktop\ds lan\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\ds lan\dslan_v1.4\mysql\bin\mysqld.exe | 
"TCP Query User{CD47E5B5-E70A-4B28-A3AD-D725527F4797}C:\program files (x86)\odeon\jaf\jcop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\odeon\jaf\jcop.exe | 
"TCP Query User{D1E8FFB0-0172-402B-9F0A-3E148CD42D53}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{D8066E2F-D2FC-4E6F-9163-50DE6A287585}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe | 
"TCP Query User{D8934F5F-6008-402A-815B-E1A348C2C8B7}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe | 
"TCP Query User{DA938E9A-19E9-4CC4-A723-2EC0F632A8C8}C:\users\***\desktop\donatello\mine edit\launchserver.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\mine edit\launchserver.exe | 
"TCP Query User{DABF8F5E-56DC-4B25-B298-77FCE12CA684}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{DDE22C2F-53E9-4249-9A20-F85C5120763A}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{E8633728-97C0-4B34-8138-2E9366755E0A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{EF7D5428-8B81-42F5-8CFA-FBBF3E337DAF}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{F0C5DEC1-574B-4B61-8B3A-1CFFF773D29D}C:\users\***\desktop\michelangelos spiele\cod1\codmp.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\michelangelos spiele\cod1\codmp.exe | 
"TCP Query User{F6ED4BB9-1926-475A-934B-EDA02EC4874F}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"TCP Query User{FD8A1007-BFA1-45CE-975D-53DF51EF29E6}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{0550ECC8-C9E8-4B9B-9D23-FC0B07987F7F}C:\users\***\desktop\ds lan\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\ds lan\dslan_v1.4\mysql\bin\mysqld.exe | 
"UDP Query User{05C79013-E0DE-4DB9-B820-C82AFD71EC29}C:\users\***\desktop\teeworlds 0.6.1\teeworlds_srv_race.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\teeworlds 0.6.1\teeworlds_srv_race.exe | 
"UDP Query User{0C1FA51D-5401-4B81-8E40-13E24B1F0E1A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{0E8C3072-4A1B-4741-9B58-15023B62E1F5}C:\program files (x86)\EA GAMES\MOHAA\MOHAA.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mohaa\mohaa.exe | 
"UDP Query User{16BDC9E1-BD8D-4542-8582-BAC08E8D9647}C:\users\***\desktop\donatello\remoterserver.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\remoterserver.exe | 
"UDP Query User{177A1A73-2221-409D-A644-D3C706FFE900}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{1EE7F49E-0CCF-4084-8963-4D8EC29D3EB0}C:\program files (x86)\umair cheema\wificheema server\wificheema.exe" = protocol=17 | dir=in | app=c:\program files (x86)\umair cheema\wificheema server\wificheema.exe | 
"UDP Query User{28AA5427-44FF-4D7A-8535-544B089449A1}C:\program files (x86)\nokia\phoenix\phoenix.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\phoenix\phoenix.exe | 
"UDP Query User{2C1FC9C5-AA0F-4071-9C7C-8781B2E05D61}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{2E1302F3-8929-454F-A884-59F234162B5F}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"UDP Query User{39089306-ADCA-4060-969B-DA15C5BC2C64}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{3D098275-7BBB-4685-8CEB-694656A28C19}C:\program files (x86)\odeon\jaf\jcop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\odeon\jaf\jcop.exe | 
"UDP Query User{4451ED89-4382-499D-A723-9487489ADF1B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{4B198F47-D0B5-4679-BAE9-23B2ADC54D3B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{50E0ABDA-9586-422C-8D45-EB170EF58EEB}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{5561545B-6191-4DC3-9EF0-F528E14B24E4}C:\program files (x86)\firefly studios\stronghold\stronghold.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"UDP Query User{58BCBFA7-6B2E-4F7C-8DFC-7D49C505D7A3}C:\users\***\desktop\donatello\mine edit\launchserver.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\mine edit\launchserver.exe | 
"UDP Query User{61816FD8-3CF9-40F1-A07E-96CC7E42E776}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuseservice.exe | 
"UDP Query User{6EF3F8CD-D605-4390-AAC9-98506B1586CA}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_race.exe | 
"UDP Query User{73CE6918-3A7B-4A7C-95AF-3D3F8C101868}C:\users\***\desktop\dslan_v1.4\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dslan_v1.4\apache\bin\apache.exe | 
"UDP Query User{7CF05CDF-5A85-4194-98FD-A62B2AD18D82}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{7FD31B02-239C-48EE-8FE5-CEB581321596}C:\users\***\desktop\donatello\ds lan\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\ds lan\dslan_v1.4\mysql\bin\mysqld.exe | 
"UDP Query User{87031836-62AC-4C99-8669-7BAE5BECA0C3}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{8C0F8E54-DEC4-4C1A-8BD3-09EAE05B8C7B}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{8F682941-F8B1-471B-B238-ADAEBC43E25B}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"UDP Query User{96FC5691-E0C2-4E23-901A-1BE5E429D49C}C:\users\***\desktop\dslan_v1.4\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dslan_v1.4\mysql\bin\mysqld.exe | 
"UDP Query User{98E37BB0-7119-4809-802E-27147CB24465}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
"UDP Query User{99AB2215-AF6F-4E70-B0FC-81FC07930E32}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{9F51E872-5FE0-46BA-8C9B-3FED57ED929A}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe | 
"UDP Query User{AB6EEBA9-1303-47C8-AB53-64A3D8F11F8F}C:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\call of duty - world at war\codwaw.exe | 
"UDP Query User{AF9C627C-AB64-4D62-A433-1126F5BEEB06}C:\users\***\desktop\donatello\ds lan\dslan_v1.4\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\ds lan\dslan_v1.4\apache\bin\apache.exe | 
"UDP Query User{B242686C-E4B9-458F-9C60-5B47EB9657A4}C:\users\***\desktop\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"UDP Query User{B54128DC-18C2-4B31-9BBA-9B66424E9954}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"UDP Query User{BDD5C000-D546-421B-8416-E28B4BF1E670}C:\users\***\desktop\ds lan\dslan_v1.4\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\ds lan\dslan_v1.4\apache\bin\apache.exe | 
"UDP Query User{BEE5EFE3-8798-4749-BB5B-D6071B65DB51}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe | 
"UDP Query User{CBC65FC8-FA70-493B-AB6B-062286908782}C:\ut2003\system\ut2003.exe" = protocol=17 | dir=in | app=c:\ut2003\system\ut2003.exe | 
"UDP Query User{D0C09398-BE97-498C-8404-FEBD3106EAC4}C:\program files (x86)\common files\nokia\fuse\fuse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuse.exe | 
"UDP Query User{D453B923-AAB9-4329-8ADD-791BE131CF61}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{DAABB33E-3D76-48E8-98D3-C3708CF71AFF}C:\ijji\english\ava\binaries\ava.exe" = protocol=17 | dir=in | app=c:\ijji\english\ava\binaries\ava.exe | 
"UDP Query User{EA4B7F14-6305-453B-8C09-3C983DF35CEE}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"UDP Query User{F03C890E-D3AF-4835-A416-83209F4AF87E}C:\users\***\desktop\michelangelos spiele\cod1\codmp.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\michelangelos spiele\cod1\codmp.exe | 
"UDP Query User{F04BF92F-47EC-4ACD-A3E4-08E2795E27D5}C:\program files (x86)\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"UDP Query User{F110C5C0-4B06-43CF-B420-07AE09E92130}C:\program files (x86)\activision\blur(tm)\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe | 
"UDP Query User{F1C0F384-53AB-4D11-8F0E-4316B4C0BD6D}C:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\donatello\teeworlds 0.6.1\teeworlds-b122-r50edfd37-win32\teeworlds_srv_dummydrag.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.05
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B099E941-4789-46A1-9B14-01CFD04E03B3}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0AFECCA6-61A0-409F-9205-67613984209D}" = Multimedia Card Reader
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD935EA-AA51-4271-8668-F64F34D67CD7}" = Phoenix Service Software
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3800E4B7-3457-42D9-B22D-2CBAAAEDF0A1}" = IObit Toolbar v7.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"{57BC1FEB-421D-469C-B07B-C8095596A224}" = XLink Kai
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7E44C354-10A8-4214-9C56-F3F00775E415}_is1" = Stykz for Windows 1.0.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B18BDF00-5F0B-4A99-8CA1-635C5105C279}" = HomebrewStore Downloader
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2B4C2B-0805-4E06-873D-CECB046A5BE8}" = Camtasia Studio 8
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD023A2B-43ED-40C0-8254-794555CDBBC1}" = WiFiCheema Server
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Sitecom Wireless Network USB Adapter Turbo G WL-172
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"Akamai" = Akamai NetSession Interface Service
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"ArmA2" = ArmA2 Uninstall
"Audacity_is1" = Audacity 2.0.2
"Audiosurf_is1" = Audiosurf Beta
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BattlEye" = BattlEye Uninstall
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"BrowserCompanion" = BrowserCompanion
"claro" = Claro LTD toolbar  on IE
"conduitEngine" = Conduit Engine 
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealPly" = DealPly
"DealScout" = DealScout for Internet Explorer
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Everything" = Everything 1.2.1.371
"express-files Toolbar" = express-files Toolbar
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Screen To Video_is1" = Free Screen To Video V 2.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"Game Cam" = Game Cam 2.6.1.0
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"Half-Life_is1" = Half-Life
"HP Photo Creations" = HP Photo Creations
"HyperCam 2" = HyperCam 2
"Hyperionics DB Toolbar" = Hyperionics DB Toolbar
"ICQToolbar" = ICQ Toolbar
"Inkscape" = Inkscape 0.48.2
"InnoGames Toolbar" = InnoGames Toolbar
"InstallShield_{0AFECCA6-61A0-409F-9205-67613984209D}" = Multimedia Card Reader
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Intel AppUp(SM) center 29342" = Intel AppUp(SM) center
"InterActual Player" = InterActual Player
"IsoBuster_is1" = IsoBuster 2.3
"JAFSetup" = JAF Setup
"KaloMa_is1" = KaloMa 4.92
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"LAME_is1" = LAME v3.99.3 (for Windows)
"lmms" = LMMS 0.4.13
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.53
"Nimbuzz" = Nimbuzz 2.4.0
"NIS" = Norton Internet Security
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"NSS" = NSS (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Phoenix Service Software 2011.24.002.46258_is1" = Phoenix Service Software 2011.24.002.46258
"PhotoScape" = PhotoScape
"PricePeep" = PricePeep
"PunkBusterSvc" = PunkBuster Services
"Quick Memory Editor_is1" = Quick Memory Editor 5.7
"RealPlayer 15.0" = RealPlayer
"RealPlayer 16.0" = RealPlayer
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"San Andreas Mod Installer1.0" = San Andreas Mod Installer
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 417 MediaBar" = Windows Searchqu Toolbar
"searchresults1" = Search Results Toolbar
"Security Task Manager" = Security Task Manager 1.8g
"Softonic-de Toolbar" = Softonic-de Toolbar
"SpeedFan" = SpeedFan (remove only)
"Steam App 440" = Team Fortress 2
"Steam App 47400" = Stronghold 3
"StepMania" = StepMania (remove only)
"Synthesia" = Synthesia
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"UT2003" = Unreal Tournament 2003
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinArchiver" = WinArchiver
"WinLiveSuite" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.8.3 (64-bit)
"yolobartb" = Yolobar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"ExpressFiles" = ExpressFiles
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.04.2013 07:07:58 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.04.2013 06:39:42 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.04.2013 13:14:22 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.04.2013 14:42:14 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.04.2013 14:17:03 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 27.04.2013 10:06:01 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 28.04.2013 06:07:55 | Computer Name = Donatello-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 28.04.2013 06:51:07 | Computer Name = Donatello-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SplinterCell4.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4539e082  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xba04c083  ID des fehlerhaften
 Prozesses: 0x17f8  Startzeit der fehlerhaften Anwendung: 0x01ce43fccef6b203  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell
 Double Agent\SCDA-Offline\system\SplinterCell4.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 8714cf60-aff1-11e2-bf89-1c6f6545c13a
 
Error - 29.04.2013 11:34:13 | Computer Name = Donatello-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\Donatello\SoftonicDownloader_fuer_free-screen-to-video.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.04.2013 11:34:16 | Computer Name = Donatello-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Desktop\Donatello\SoftonicDownloader_fuer_audiosurf.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ Media Center Events ]
Error - 20.12.2011 09:38:58 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:38:53 - Fehler beim Herstellen der Internetverbindung.  14:38:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 12:26:49 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:26:49 - Fehler beim Herstellen der Internetverbindung.  17:26:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 12:26:57 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:26:54 - Fehler beim Herstellen der Internetverbindung.  17:26:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.12.2011 11:06:07 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:06:07 - Fehler beim Herstellen der Internetverbindung.  16:06:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.12.2011 11:06:30 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:06:14 - Fehler beim Herstellen der Internetverbindung.  16:06:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.12.2011 04:41:35 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:41:35 - Fehler beim Herstellen der Internetverbindung.  09:41:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.12.2011 04:41:43 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:41:40 - Fehler beim Herstellen der Internetverbindung.  09:41:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.12.2011 11:13:24 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:13:24 - Fehler beim Herstellen der Internetverbindung.  16:13:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.12.2011 11:13:33 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:13:30 - Fehler beim Herstellen der Internetverbindung.  16:13:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.12.2011 19:09:58 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 00:09:53 - Fehler beim Herstellen der Internetverbindung.  00:09:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ NetLimiter 3 Events ]
Error - 09.01.2013 14:41:53 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 10.01.2013 12:03:40 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 10.01.2013 13:27:07 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 11.01.2013 10:03:58 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 11.01.2013 12:30:12 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 11.01.2013 12:45:27 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 12.01.2013 09:03:16 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 13.01.2013 07:50:23 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 14.01.2013 15:20:56 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 19.01.2013 15:46:46 | Computer Name = ***-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
[ System Events ]
Error - 25.04.2013 06:21:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Yontoo Desktop Updater" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 25.04.2013 08:54:17 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.04.2013 13:39:17 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.04.2013 13:42:13 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 26.04.2013 14:12:17 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.04.2013 12:05:31 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.04.2013 12:29:34 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.04.2013 07:16:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 29.04.2013 07:19:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Yontoo Desktop Updater" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 29.04.2013 12:44:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Yontoo Desktop Updater" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
 
< End of report >
         
Gmer:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-30 15:46:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AG0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\fxtiruoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                              fffff800039f3000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                              fffff800039f302f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\windows\SysWOW64\svchost.exe[1456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000076241465 2 bytes [24, 76]
.text     C:\windows\SysWOW64\svchost.exe[1456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000762414bb 2 bytes [24, 76]
.text     ...                                                                                                                             * 2
.text     C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1500] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000758f87b1 5 bytes [33, C0, C2, 04, 00]
.text     C:\Users\***\AppData\Local\Akamai\netsession_win.exe[3860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000076241465 2 bytes [24, 76]
.text     C:\Users\***\AppData\Local\Akamai\netsession_win.exe[3860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000762414bb 2 bytes [24, 76]
.text     ...                                                                                                                             * 2
.text     C:\Users\***\Desktop\gmer_2.1.19163.exe[6836] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076241465 2 bytes [24, 76]
.text     C:\Users\***\Desktop\gmer_2.1.19163.exe[6836] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000762414bb 2 bytes [24, 76]
.text     ...                                                                                                                             * 2

---- Threads - GMER 2.1 ----

Thread    C:\windows\System32\svchost.exe [1140:1268]                                                                                     000007fefb49f2f4
Thread    C:\windows\System32\svchost.exe [1140:1284]                                                                                     000007fefbd36204
Thread    C:\windows\System32\svchost.exe [1140:1532]                                                                                     000007fefaf45428
Thread    C:\windows\System32\svchost.exe [1140:4576]                                                                                     000007fefec3c608
Thread    C:\windows\System32\svchost.exe [1140:1672]                                                                                     000007fef5f46b8c
Thread    C:\windows\System32\svchost.exe [1140:4224]                                                                                     000007fef5f41d88
Thread    C:\windows\System32\svchost.exe [1172:1692]                                                                                     000007fefa0459a0
Thread    C:\windows\System32\svchost.exe [1172:1868]                                                                                     000007fefd1b1a70
Thread    C:\windows\System32\svchost.exe [1172:3736]                                                                                     000007fef78b20c0
Thread    C:\windows\System32\svchost.exe [1172:3740]                                                                                     000007fef78b26a8
Thread    C:\windows\System32\svchost.exe [1172:3748]                                                                                     000007fef73314a0
Thread    C:\windows\System32\svchost.exe [1172:4048]                                                                                     000007fef6eda2b0
Thread    C:\windows\System32\svchost.exe [1172:4080]                                                                                     000007fef8b144e0
Thread    C:\windows\System32\svchost.exe [1172:6564]                                                                                     000007fef6d588f8
Thread    C:\windows\System32\svchost.exe [1172:4704]                                                                                     000007fef78b29dc
Thread    C:\windows\system32\svchost.exe [1196:1724]                                                                                     000007fef9b21a50
Thread    C:\windows\system32\svchost.exe [1196:3228]                                                                                     000007fef7d9506c
Thread    C:\windows\system32\svchost.exe [1196:3236]                                                                                     000007fef80d1c20
Thread    C:\windows\system32\svchost.exe [1196:3240]                                                                                     000007fef80d1c20
Thread    C:\windows\system32\svchost.exe [1196:1252]                                                                                     000007fef8f25124
Thread    C:\windows\system32\svchost.exe [1196:8060]                                                                                     000007fef9904164
Thread    C:\windows\system32\svchost.exe [1196:5212]                                                                                     000007fef00ccb70
Thread    C:\windows\system32\svchost.exe [1196:5152]                                                                                     000007fef9931ab0
Thread    C:\windows\system32\svchost.exe [1288:1420]                                                                                     000007fefb288274
Thread    C:\windows\system32\svchost.exe [1288:3672]                                                                                     000007fefb288274
Thread    C:\windows\system32\svchost.exe [1892:1760]                                                                                     000007fef94d35c0
Thread    C:\windows\system32\svchost.exe [1892:3712]                                                                                     000007fef94d5600
Thread    C:\windows\system32\svchost.exe [1892:3992]                                                                                     000007fef6f22940
Thread    C:\windows\system32\svchost.exe [1892:1600]                                                                                     000007fef6aa2888
Thread    C:\windows\system32\taskhost.exe [3964:2952]                                                                                    000007fefb381010
Thread    C:\windows\system32\taskhost.exe [3964:4592]                                                                                    000007fef83a5170
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:1124]                                                                  000007fefbf92a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:5096]                                                                  000007fef098d618
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:1816]                                                                  000007fef098d618
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:1108]                                                                  000007fef8f25124

---- EOF - GMER 2.1 ----
         

30.04.2013, 15:49   #9
aharonov
/// TB Trainer

Hello,

can you even still see anything of the website while surfing, with all these toolbars in the browser..?


Step 1
  • Go to Start --> Control Panel and open Programs and Features.
  • Find and uninstall the following entries there, one after another:
    • Yontoo 2.05
    • IObit Toolbar v7.0
    • Internet Explorer Toolbar 4.6 by SweetPacks
    • BrowserCompanion
    • Claro LTD toolbar on IE
    • Conduit Engine
    • DealPly
    • DealScout for Internet Explorer
    • express-files Toolbar
    • ICQ Toolbar
    • PricePeep
    • SearchCore for Browsers
    • Windows Searchqu Toolbar
    • Search Results Toolbar
    • Softonic-de Toolbar
    • Winload Toolbar
    • Yolobar
  • Close the window again and restart the computer if you were asked to.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 3

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.




Step 4

Please start OTL.exe.
  • Tick the Scan all Users checkbox.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Log from AdwCleaner
  • Log from Combofix
  • Log from OTL
__________________
cheers,
Leo

30.04.2013, 17:06   #10
DerAmpelmeis

AdwCleaner:

Code:
# AdwCleaner v2.300 - Datei am 30/04/2013 um 17:08:43 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\***\AppData\Local\Temp\Searchqu.ini
Datei Gelöscht : C:\Users\***\AppData\Local\Temp\searchqutoolbar-manifest.xml
Datei Gelöscht : C:\Users\***\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Datei Gelöscht : C:\windows\SysWOW64\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files (x86)\Babylon
Ordner Gelöscht : C:\Program Files (x86)\BrotherSoft_Extreme
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ExpressFiles
Ordner Gelöscht : C:\Program Files (x86)\Free Offers from Freeze.com
Ordner Gelöscht : C:\Program Files (x86)\FunWebProducts
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\InnoGames
Ordner Gelöscht : C:\Program Files (x86)\SearchCore for Browsers
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Windows Searchqu Toolbar
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\Anti-phishing Domain Advisor
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\yolobartb
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\ConduitEngine
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk
Ordner Gelöscht : C:\Users\***\AppData\Local\Minibar
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\{94366e2c-9923-431c-b0d6-747447dd0f2b}
Ordner Gelöscht : C:\Users\***\AppData\Local\yolobartb
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\BrotherSoft_Extreme
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\InnoGames
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\searchresultstb
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\***\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\***\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\CT2682599
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\jetpack
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\Smartbar
Ordner Gelöscht : C:\Users\***\AppData\Roaming\PriceGong
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\***\AppData\Roaming\ExpressFiles

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BrotherSoft_Extreme
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\InnoGames
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\Installer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEE88B81-C2FB-4733-A826-88CB0A67FB61}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Somoto Toolbar
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Schlüssel Gelöscht : HKCU\Software\SMTTB2009
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\BrotherSoft_Extreme
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2009772
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2682599
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3176921
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\Software\FunWebProducts
Schlüssel Gelöscht : HKLM\Software\InnoGames
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4FBEF84-2499-4B5C-A00D-CB0756DB7A3F}
Schlüssel Gelöscht : HKLM\Software\Minibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4FBEF84-2499-4B5C-A00D-CB0756DB7A3F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2832C073-4123-4E67-8BFF-09222A4955A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FA44E4C-CE48-4B2F-AF34-EAA81289632B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72F1A3A4-6389-480E-8EFA-340BA7E44E4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8568A9BA-C6F4-4D2B-A285-8788B12EC2D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft_Extreme Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InnoGames Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{51A86BB3-6602-4C85-92A5-130EE4864F13}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{51A86BB3-6602-4C85-92A5-130EE4864F13}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\user.js ... Gelöscht !

Gelöscht : user_pref("CT2682599.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2682599.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2682599.FirstTime", "true");
Gelöscht : user_pref("CT2682599.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2682599.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT2682599.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2682599.UserID", "UN97674717168638872");
Gelöscht : user_pref("CT2682599.activeToolbar.enc", "c3RhZW1tZQ==");
Gelöscht : user_pref("CT2682599.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2682599.enableAlerts", "never");
Gelöscht : user_pref("CT2682599.enableFix404ByUser", "FALSE");
Gelöscht : user_pref("CT2682599.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2682599.fixPageNotFoundErrorByUser", "TRUE");
Gelöscht : user_pref("CT2682599.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2682599.fixUrls", true);
Gelöscht : user_pref("CT2682599.homepageuserchanged", true);
Gelöscht : user_pref("CT2682599.hxxp___toolbar_innogames_de_toolbars_flags.APP_WIN_FEATURES.enc", "cmVzaXphYmxl[...]
Gelöscht : user_pref("CT2682599.hxxp___toolbar_innogames_de_toolbars_staemme.APP_WIN_FEATURES.enc", "cmVzaXphYm[...]
Gelöscht : user_pref("CT2682599.installType", "DirectDownload");
Gelöscht : user_pref("CT2682599.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2682599.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2682599.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2682599.isNewTabEnabled", false);
Gelöscht : user_pref("CT2682599.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2682599.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2682599.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2682599.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Gelöscht : user_pref("CT2682599.lastVersion", "10.15.2.523");
Gelöscht : user_pref("CT2682599.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2682599.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Gelöscht : user_pref("CT2682599.revertSettingsEnabled", "false");
Gelöscht : user_pref("CT2682599.search.searchAppId", "129219291115718929");
Gelöscht : user_pref("CT2682599.search.searchCount", "1");
Gelöscht : user_pref("CT2682599.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2682599.searchInNewTabEnabledByUser", "false");
Gelöscht : user_pref("CT2682599.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2682599.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2682599.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2682599.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2682599.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2682599.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2682599.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2682599.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2682599.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2682599.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364819690181");
Gelöscht : user_pref("CT2682599.serviceLayer_services_appsMetadata_lastUpdate", "1364819690125");
Gelöscht : user_pref("CT2682599.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364819690052");
Gelöscht : user_pref("CT2682599.serviceLayer_services_location_lastUpdate", "1367263224623");
Gelöscht : user_pref("CT2682599.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359302023345");
Gelöscht : user_pref("CT2682599.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360758279729");
Gelöscht : user_pref("CT2682599.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364030138512");
Gelöscht : user_pref("CT2682599.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366230502072");
Gelöscht : user_pref("CT2682599.serviceLayer_services_login_10.15.2.523_lastUpdate", "1367322529640");
Gelöscht : user_pref("CT2682599.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364819689978");
Gelöscht : user_pref("CT2682599.serviceLayer_services_searchAPI_lastUpdate", "1364819691304");
Gelöscht : user_pref("CT2682599.serviceLayer_services_serviceMap_lastUpdate", "1367263224295");
Gelöscht : user_pref("CT2682599.serviceLayer_services_setupAPI_lastUpdate", "1361891786538");
Gelöscht : user_pref("CT2682599.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364819690087");
Gelöscht : user_pref("CT2682599.serviceLayer_services_toolbarSettings_lastUpdate", "1367329864366");
Gelöscht : user_pref("CT2682599.serviceLayer_services_translation_lastUpdate", "1367322530029");
Gelöscht : user_pref("CT2682599.settingsINI", true);
Gelöscht : user_pref("CT2682599.showToolbarPermission", "false");
Gelöscht : user_pref("CT2682599.smartbar.CTID", "CT2682599");
Gelöscht : user_pref("CT2682599.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2682599.smartbar.homepage", true);
Gelöscht : user_pref("CT2682599.smartbar.isHidden", true);
Gelöscht : user_pref("CT2682599.smartbar.toolbarName", "InnoGames ");
Gelöscht : user_pref("CT2682599.staemme_village_de86.enc", "OTI4MzY=");
Gelöscht : user_pref("CT2682599.staemme_world_de.enc", "ZGU4Ng==");
Gelöscht : user_pref("CT2682599.toolbarBornServerTime", "23-1-2013");
Gelöscht : user_pref("CT2682599.toolbarCurrentServerTime", "30-4-2013");
Gelöscht : user_pref("CT2682599.toolbarLoginClientTime", "Sun Mar 24 2013 17:44:44 GMT+0100");
Gelöscht : user_pref("CT2682599.toolbarUrl.enc", "aHR0cDovL3Rvb2xiYXIuaW5ub2dhbWVzLmRlL3Rvb2xiYXJzL3N0YWVtbWUvd[...]
Gelöscht : user_pref("CT2682599.toolbar_market.enc", "ZGU=");
Gelöscht : user_pref("CT2682599_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2682599&SearchSource=13&CUI[...]
Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2682599&SearchSource=13[...]
Gelöscht : user_pref("smartbar.machineId", "MAHN3CLXN8IV6KBCFMTHO5KAP03KF076BLIDI7ZVOTO6KRNQXMSXTAKGG8O7BVNEGF8[...]
Gelöscht : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gpq6p1h6.default\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/417");
Gelöscht : user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q=");
Gelöscht : user_pref("browser.search.selectedEngine", "Search The Web");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp");

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\xroymhmo.default\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/417");
Gelöscht : user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q=");
Gelöscht : user_pref("browser.search.selectedEngine", "Search The Web");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp");

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.22] : icon_url = "hxxp://www.plusnetwork.com/assets/56674c9b/img/favicon.ico",
Gelöscht [l.25] : keyword = "www.searchplusnetwork.com",
Gelöscht [l.28] : search_url = "hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}",

Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [35069 octets] - [30/04/2013 17:08:43]

########## EOF - C:\AdwCleaner[S1].txt - [35130 octets] ##########
         

30.04.2013, 17:06   #11
DerAmpelmeis

Taskmgr.exe and Regedit.exe have been disabled by the administrator.



OTL:

Code:
OTL logfile created on: 30.04.2013 17:50:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 60,10% Memory free
7,73 Gb Paging File | 6,25 Gb Available in Paging File | 80,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,02 Gb Total Space | 342,32 Gb Free Space | 37,09% Space Free | Partition Type: NTFS
 
Computer Name: DONATELLO-PC | User Name: Antonio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.29 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Antonio\Desktop\OTL.exe
PRC - [2013.04.16 09:51:12 | 000,202,264 | ---- | M] () -- C:\Program Files (x86)\WinArchiver\WAService.exe
PRC - [2013.04.16 09:51:10 | 000,480,792 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\WinArchiver\WAHELPER.EXE
PRC - [2013.04.03 06:57:20 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.03.24 18:34:11 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013.03.06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Antonio\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
PRC - [2011.10.25 15:52:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.19 04:00:32 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.19 04:00:28 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.03 06:57:20 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013.02.14 01:12:55 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 20:23:54 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013.01.10 20:23:54 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013.01.09 20:46:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 20:45:30 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 20:45:15 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 20:45:07 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 20:45:00 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 20:44:55 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 20:44:25 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.04.16 09:51:12 | 000,202,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WinArchiver\WAService.exe -- (WinArchiver Service)
SRV - [2013.04.12 13:45:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.25 20:59:56 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.03.13 19:52:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012.04.19 22:23:38 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.25 15:52:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.19 04:00:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.19 04:00:28 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.11.06 22:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.16 09:51:14 | 000,140,184 | ---- | M] (Power Software Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\waemu.sys -- (waemu)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.05 21:11:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.28 13:18:18 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.07 19:04:33 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2012.02.01 03:31:00 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011.03.21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011.03.21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.30 15:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009.06.23 09:38:20 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.11.06 22:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2006.08.27 09:59:12 | 000,031,744 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV - [2013.04.13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.02.16 17:52:27 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130429.004\ex64.sys -- (NAVEX15)
DRV - [2013.02.16 17:52:27 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.02.16 17:52:27 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130429.004\eng64.sys -- (NAVENG)
DRV - [2013.01.19 15:03:03 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.09.01 02:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130426.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.02.03 00:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2011.03.21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{83E494DD-FE42-4181-BB47-AC5D274584D7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8B8F841D-FD9F-446C-B2C0-F7D848F86F9C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data]
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\..\SearchScopes\{8B8F841D-FD9F-446C-B2C0-F7D848F86F9C}: "URL" = hxxp://www.bing.com/search?FORM=MNMTDF&PC=MANM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\..\SearchScopes\{9F3CE6DD-69A6-4470-8115-321F3EAF8250}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1010\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledAddons: %7B26DDE423-F085-4b2d-893B-BF98C9FAD0CF%7D:1.4
FF - prefs.js..extensions.enabledAddons: info%40convert2mp3.net:2.2
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7BC3949AC2-4B17-43ee-B4F1-D26B9D42404D%7D:15.0.5
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Antonio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antonio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Antonio\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.19 13:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.07.28 13:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.04.30 17:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.11 19:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.03.24 18:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.03.24 18:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.30 17:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:45:07 | 000,000,000 | ---D | M]
 
[2013.04.30 17:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Extensions
[2013.04.30 17:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions
[2012.12.18 15:31:48 | 000,000,000 | ---D | M] (Online video Converter) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\{26DDE423-F085-4b2d-893B-BF98C9FAD0CF}
[2013.02.21 13:35:43 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\exif_viewer@mozilla.doslash.org.xpi
[2013.01.20 14:26:26 | 000,043,066 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\info@convert2mp3.net.xpi
[2013.04.26 20:01:10 | 000,658,566 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
[2013.04.16 19:33:53 | 000,382,710 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\jid1-aPwS0JCl36iLkQ@jetpack.xpi
[2013.04.15 14:48:01 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.03.24 18:39:40 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.14 16:21:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.21 13:10:15 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.02.28 19:06:02 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.04.14 12:11:31 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\il9pkm6c.default-1355332750268\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013.04.30 17:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 13:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.07.11 19:28:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013.03.24 18:35:18 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.04.12 13:45:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2013.03.24 18:34:22 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.28 14:04:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 17:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.28 14:04:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.28 14:04:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.30 23:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
[2012.02.28 14:04:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.28 14:04:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Plus! Network (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: AppUp (Enabled) = C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Antonio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Antonio\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Antonio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IClaro = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\
CHR - Extension: RealDownloader = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Norton Identity Protection = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: ICQ Sparberater = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.2.662_0\
CHR - Extension: Google Mail = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Docs = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IClaro = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiifdbnlinfkcbohhdcfijbcipfndff\1.0_0\
CHR - Extension: RealDownloader = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Norton Identity Protection = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: ICQ Sparberater = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.2.662_0\
CHR - Extension: Google Mail = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.04.30 17:40:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WAHELPER.EXE] C:\Program Files (x86)\WinArchiver\WAHELPER.EXE (Power Software Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001..\Run: [Akamai NetSession Interface] C:\Users\Antonio\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-694020154-2073930874-1152709320-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-694020154-2073930874-1152709320-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-694020154-2073930874-1152709320-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antonio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antonio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACC33D24-B72F-4CE3-B4FE-3ECF51F39C7C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.30 17:46:57 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.04.30 17:40:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.04.30 17:22:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.04.30 17:22:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.04.30 17:22:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.04.30 17:21:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.30 17:21:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.04.30 16:57:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.04.30 16:50:07 | 005,061,928 | R--- | C] (Swearware) -- C:\Users\Antonio\Desktop\ComboFix.exe
[2013.04.29 21:51:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Antonio\Desktop\OTL.exe
[2013.04.29 19:08:21 | 003,980,324 | ---- | C] (Phrozen ® Software 2012.                                    ) -- C:\Users\Antonio\Desktop\PhrozenKeyloggerLite1-0R2_setup.exe
[2013.04.29 19:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.04.29 19:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.04.29 19:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.04.29 19:00:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Antonio\Desktop\HijackThis.exe
[2013.04.28 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PhrozenSoft
[2013.04.28 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite
[2013.04.28 11:01:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.04.27 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.25 13:11:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix5
[2013.04.24 19:18:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Info
[2013.04.24 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix4
[2013.04.24 15:28:10 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix3
[2013.04.24 14:22:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDustepMix2
[2013.04.24 14:00:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MyOwnDubstepMix
[2013.04.22 18:48:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Skrillex
[2013.04.20 16:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2013.04.20 16:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2013.04.20 16:03:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner (2)
[2013.04.20 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinArchiver
[2013.04.20 15:50:23 | 000,140,184 | ---- | C] (Power Software Ltd) -- C:\windows\SysNative\drivers\waemu.sys
[2013.04.20 15:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinArchiver
[2013.04.20 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinArchiver
[2013.04.13 09:26:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wifite
[2013.04.12 13:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.08 19:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.07 21:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2013.04.07 16:07:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.terasology
[2013.04.06 16:35:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer
[2013.04.06 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Firefox Portable v.23
[2013.04.03 03:59:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Counter-Strike 1.6 - LAN
[2013.04.03 00:46:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Warcraft III
[2013.04.02 21:44:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DIE SIEDLER - DEdK
[2013.04.01 11:53:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\PSP
[9 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.30 17:50:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.04.30 17:47:55 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 17:47:55 | 000,009,696 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 17:40:23 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.04.30 17:40:13 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.30 17:39:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.04.30 17:38:43 | 3113,865,216 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 17:01:05 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.30 16:52:24 | 000,628,743 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.30 16:52:05 | 005,061,928 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.04.30 15:47:59 | 000,046,953 | ---- | M] () -- C:\Users\***\Desktop\Logs.rar
[2013.04.30 15:16:05 | 000,001,146 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001UA.job
[2013.04.30 13:48:00 | 001,652,184 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.04.30 13:48:00 | 000,710,530 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.04.30 13:48:00 | 000,664,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.04.30 13:48:00 | 000,154,462 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.04.30 13:48:00 | 000,126,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.04.29 21:54:17 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.29 21:53:00 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.04.29 21:52:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.29 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Antonio\Desktop\OTL.exe
[2013.04.29 19:00:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Antonio\Desktop\HijackThis.exe
[2013.04.29 18:16:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001Core.job
[2013.04.29 17:58:42 | 005,469,414 | ---- | M] () -- C:\Users\***\Desktop\teaser-for-an-anime-tradition-episode.jpg
[2013.04.28 17:29:48 | 000,000,456 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Antonio.job
[2013.04.28 15:00:49 | 003,297,456 | ---- | M] () -- C:\Users\***\Desktop\RICHTER & SHOX - BEWEG DICH [HD OFFICIAL VIDEO] (LYRICS).mp3
[2013.04.26 21:45:53 | 004,143,039 | ---- | M] () -- C:\Users\***\Desktop\Wiz Khalifa - Let It Go feat. Akon NEW VIDEO 2013.mp3.mp3
[2013.04.25 18:47:28 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Express Files.lnk
[2013.04.25 13:09:49 | 012,897,560 | ---- | M] () -- C:\Users\***\Desktop\MyOwnDubstepMix5.mp3
[2013.04.24 21:12:53 | 003,062,561 | ---- | M] () -- C:\Users\***\Desktop\Kollegah - Mondfinsternis (Official HD Video).mp3
[2013.04.24 13:57:30 | 000,656,973 | ---- | M] () -- C:\Users\***\Desktop\173119.jpg
[2013.04.21 15:15:21 | 003,314,156 | ---- | M] () -- C:\Users\***\Desktop\AHMED - Du weißt-Kopffickerexclusive (Beat by DOPETONES and T-MAN).MP3
[2013.04.20 15:50:25 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\WinArchiver.lnk
[2013.04.17 21:24:07 | 003,107,702 | ---- | M] () -- C:\Users\***\Desktop\4tune - Splash Qualifikation 2013 (prod. by Hookbeats & Sadikbeatz).mp3
[2013.04.17 15:28:22 | 002,375,020 | ---- | M] () -- C:\Users\***\Desktop\DER ASIATE UND DIE REIMEBUDE JULIENSÖHNE (BACKSPIN TV EXCLUSIVE).mp3
[2013.04.16 09:51:14 | 000,140,184 | ---- | M] (Power Software Ltd) -- C:\windows\SysNative\drivers\waemu.sys
[2013.04.11 13:54:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013.04.11 12:27:32 | 000,271,064 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.04.09 21:10:55 | 000,260,956 | ---- | M] () -- C:\Users\***\Desktop\FPSBild.jpg
[2013.04.08 19:16:43 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2013.04.07 21:18:08 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk
[2013.04.07 14:44:19 | 000,001,460 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2013.04.05 21:57:47 | 180,398,760 | ---- | M] () -- C:\Users\***\Desktop\Best Dubstep mix 2012 (New Free Download Songs, 2 Hours, Complete playlist, High audio quality).MP3
[2013.04.05 20:32:26 | 002,389,648 | ---- | M] () -- C:\Users\***\Desktop\JBB 2013 - Chosen (Qualifikation).mp3
[2013.04.04 23:07:14 | 009,562,273 | ---- | M] () -- C:\Users\***\Desktop\06 - Exochrist.mp3
[2013.04.03 03:07:08 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013.04.03 03:07:08 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013.04.02 21:44:17 | 000,002,823 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk
[2013.04.02 21:44:17 | 000,002,823 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk
[2013.04.02 21:44:16 | 000,002,694 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk
[2013.04.02 15:34:35 | 003,056,711 | ---- | M] () -- C:\Users\***\Desktop\RICHTER - JULIAS BLOG [OFFICIAL VIDEO HD] 2013 (Juliensblog Diss).mp3
[2013.03.31 22:01:25 | 003,092,238 | ---- | M] () -- C:\Users\***\Desktop\JBB 2013 - Cashisclay (Qualifikation).mp3
[9 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.30 17:22:29 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.04.30 17:22:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.04.30 17:22:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.04.30 17:22:29 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.04.30 17:22:29 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.04.30 16:52:19 | 000,628,743 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.30 15:47:59 | 000,046,953 | ---- | C] () -- C:\Users\***\Desktop\Logs.rar
[2013.04.29 21:54:17 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.29 21:52:53 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.04.29 21:52:49 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.29 17:57:49 | 005,469,414 | ---- | C] () -- C:\Users\***\Desktop\teaser-for-an-anime-tradition-episode.jpg
[2013.04.28 15:00:40 | 003,297,456 | ---- | C] () -- C:\Users\***\Desktop\RICHTER & SHOX - BEWEG DICH [HD OFFICIAL VIDEO] (LYRICS).mp3
[2013.04.26 21:45:36 | 004,143,039 | ---- | C] () -- C:\Users\***\Desktop\Wiz Khalifa - Let It Go feat. Akon NEW VIDEO 2013.mp3.mp3
[2013.04.25 13:09:14 | 012,897,560 | ---- | C] () -- C:\Users\***\Desktop\MyOwnDubstepMix5.mp3
[2013.04.24 21:04:41 | 003,062,561 | ---- | C] () -- C:\Users\***\Desktop\Kollegah - Mondfinsternis (Official HD Video).mp3
[2013.04.24 13:57:28 | 000,656,973 | ---- | C] () -- C:\Users\***\Desktop\173119.jpg
[2013.04.21 15:14:49 | 003,314,156 | ---- | C] () -- C:\Users\***\Desktop\AHMED - Du weißt-Kopffickerexclusive (Beat by DOPETONES and T-MAN).MP3
[2013.04.20 19:37:16 | 006,410,985 | ---- | C] () -- C:\Users\***\Desktop\matryoshka.mp3
[2013.04.20 15:50:25 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\WinArchiver.lnk
[2013.04.17 21:23:54 | 003,107,702 | ---- | C] () -- C:\Users\***\Desktop\4tune - Splash Qualifikation 2013 (prod. by Hookbeats & Sadikbeatz).mp3
[2013.04.17 15:28:15 | 002,375,020 | ---- | C] () -- C:\Users\***\Desktop\DER ASIATE UND DIE REIMEBUDE JULIENSÖHNE (BACKSPIN TV EXCLUSIVE).mp3
[2013.04.11 13:54:55 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013.04.11 13:13:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.04.09 21:09:58 | 000,260,956 | ---- | C] () -- C:\Users\***\Desktop\FPSBild.jpg
[2013.04.08 19:16:43 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite
[2013.04.07 21:18:06 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk
[2013.04.07 14:44:19 | 000,001,460 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2013.04.06 14:25:28 | 009,562,273 | ---- | C] () -- C:\Users\***\Desktop\06 - Exochrist.mp3
[2013.04.05 20:55:40 | 180,398,760 | ---- | C] () -- C:\Users\***\Desktop\Best Dubstep mix 2012 (New Free Download Songs, 2 Hours, Complete playlist, High audio quality).MP3
[2013.04.05 20:32:19 | 002,389,648 | ---- | C] () -- C:\Users\***\Desktop\JBB 2013 - Chosen (Qualifikation).mp3
[2013.04.03 03:07:08 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013.04.03 03:07:08 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013.04.02 21:44:17 | 000,002,823 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Legenden spielen.lnk
[2013.04.02 21:44:16 | 000,002,823 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige Nebelreich spielen.lnk
[2013.04.02 21:44:16 | 000,002,694 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige - Gold Edition.lnk
[2013.04.02 15:34:27 | 003,056,711 | ---- | C] () -- C:\Users\***\Desktop\RICHTER - JULIAS BLOG [OFFICIAL VIDEO HD] 2013 (Juliensblog Diss).mp3
[2013.03.31 22:01:17 | 003,092,238 | ---- | C] () -- C:\Users\***\Desktop\JBB 2013 - Cashisclay (Qualifikation).mp3
[2013.02.19 20:25:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.01.07 16:53:22 | 000,000,350 | ---- | C] () -- C:\windows\doom3.ini
[2012.07.25 18:49:44 | 000,000,079 | ---- | C] () -- C:\windows\iPlayer.INI
[2012.07.18 19:13:57 | 000,008,704 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.08 21:29:06 | 000,002,180 | ---- | C] () -- C:\Users\***\.lmmsrc.xml
[2012.05.20 13:15:11 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\Access.dat
[2012.05.10 17:16:37 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012.04.23 18:10:36 | 000,000,680 | RHS- | C] () -- C:\Users\Antonio\ntuser.pol
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.03.13 18:39:29 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI
[2011.12.06 21:27:03 | 000,069,632 | R--- | C] () -- C:\windows\SysWow64\xmltok.dll
[2011.12.06 21:27:03 | 000,036,864 | R--- | C] () -- C:\windows\SysWow64\xmlparse.dll
[2011.11.07 18:44:14 | 000,000,095 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2011.10.27 17:16:58 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.10.25 15:52:37 | 000,111,928 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.10.25 15:52:30 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll
[2011.09.15 07:12:41 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{E7D498F8-7C09-4345-B848-23C9A1D8D55D}
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.02.18 19:14:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.29 18:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2013.04.07 16:07:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.terasology
[2013.04.28 15:00:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.07.28 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BANDISOFT
[2011.10.28 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations
[2011.06.23 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.socialbox.socialbox
[2012.01.14 15:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2013.01.07 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.12.21 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2012.09.16 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.07.29 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeScreenToVideo
[2011.10.28 12:58:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.12.14 20:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.01.24 23:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HomebrewStore Downloader
[2012.08.23 12:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IClaro
[2012.04.18 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.11.03 17:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ijjigame
[2011.10.09 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.06.01 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2011.10.28 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.11.06 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2013.04.11 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Minecraft Version Changer
[2013.03.07 20:58:13 | 000,000,000 | ---D | M] -- C:\Users\A***o\AppData\Roaming\Mp3tag
[2011.10.07 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2012.06.13 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2012.01.04 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.06.13 18:07:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2013.03.17 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.07.19 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2013.03.09 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.09.12 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2013.04.28 11:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhrozenSoft
[2013.04.24 21:37:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2013.02.16 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz
[2011.12.20 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stykz Help
[2013.02.25 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia
[2013.01.21 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.10.10 19:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TechSmith
[2011.10.19 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2011.04.14 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2013.04.22 15:21:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.05.20 13:15:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle
[2012.01.24 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net
[2013.04.20 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinArchiver
[2012.08.29 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.10.10 17:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark
[2012.02.07 19:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XLink Kai
[2012.10.05 13:40:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.10.11 21:38:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.07.26 20:02:10 | 000,000,000 | ---D | M](C:\windows\SysWow64\????sers) -- C:\windows\SysWow64\œ粠œsers
[2012.07.26 20:02:10 | 000,000,000 | ---D | C](C:\windows\SysWow64\????sers) -- C:\windows\SysWow64\œ粠œsers

< End of report >
         
ComboFix:

Code:
ComboFix 13-04-29.01 - *** 30.04.2013  17:25:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2048 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-30  ))))))))))))))))))))))))))))))
.
.
2013-04-30 15:36 . 2013-04-30 15:36	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-30 15:36 . 2013-04-30 15:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-30 15:11 . 2013-04-30 15:11	0	----a-w-	c:\windows\SysWow64\sho3B54.tmp
2013-04-29 17:02 . 2013-04-29 17:41	--------	d-----w-	c:\programdata\SecTaskMan
2013-04-29 17:02 . 2013-04-29 17:02	--------	d-----w-	c:\program files (x86)\Security Task Manager
2013-04-29 16:19 . 2013-04-29 16:20	--------	d-----w-	c:\users\Administrator
2013-04-29 10:54 . 2013-04-29 10:54	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-28 09:01 . 2013-04-28 09:01	--------	d-----w-	c:\users\***\AppData\Roaming\PhrozenSoft
2013-04-28 09:01 . 2013-04-28 09:01	--------	d-----w-	c:\users\***\AppData\Local\Programs
2013-04-27 13:54 . 2013-04-27 13:54	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-04-27 13:54 . 2013-04-04 03:35	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 10:33 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-20 14:35 . 2013-04-20 14:59	--------	d-----w-	c:\program files (x86)\Resource Hacker
2013-04-20 13:55 . 2013-04-20 13:55	--------	d-----w-	c:\users\***\AppData\Roaming\WinArchiver
2013-04-20 13:50 . 2013-04-16 07:51	140184	----a-w-	c:\windows\system32\drivers\waemu.sys
2013-04-20 13:50 . 2013-04-20 13:50	--------	d-----w-	c:\program files (x86)\WinArchiver
2013-04-10 20:42 . 2013-02-21 10:30	1766912	----a-w-	c:\windows\SysWow64\wininet.dll
2013-04-10 20:42 . 2013-02-21 10:15	2240512	----a-w-	c:\windows\system32\wininet.dll
2013-04-10 20:42 . 2013-02-21 10:14	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-04-10 20:42 . 2013-02-21 10:14	15404544	----a-w-	c:\windows\system32\ieframe.dll
2013-04-10 20:42 . 2013-02-21 10:14	19230208	----a-w-	c:\windows\system32\mshtml.dll
2013-04-10 19:05 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 19:00 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 19:00 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 19:00 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 19:00 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 19:00 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 19:00 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 19:00 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-08 17:16 . 2013-04-08 17:16	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-04-07 14:07 . 2013-04-07 14:07	--------	d-----w-	c:\users\***\AppData\Roaming\.terasology
2013-04-06 14:35 . 2013-04-11 16:53	--------	d-----w-	c:\users\***\AppData\Roaming\Minecraft Version Changer
2013-04-02 19:38 . 2012-08-23 15:09	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 20:43 . 2011-01-19 14:24	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-24 16:34 . 2012-07-11 17:28	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-03-24 16:34 . 2012-07-11 17:28	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-03-14 16:51 . 2012-07-13 13:13	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-14 16:51 . 2011-10-09 09:38	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-13 17:52 . 2012-04-08 13:49	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 17:52 . 2011-05-18 05:08	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-25 22:32 . 2013-02-25 22:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2012-10-10 20:22	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2012-10-10 20:22	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2012-10-10 20:23	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2010-07-09 22:38	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2012-02-09 20:43	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2012-10-10 20:23	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2012-10-10 20:23	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-18 07:22 . 2013-02-18 07:22	31080	----a-w-	c:\windows\system32\nvhdap64.dll
2013-02-18 07:22 . 2013-02-18 07:22	1472360	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 07:22 . 2013-02-18 07:22	189288	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-13 18:03	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 18:03	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 18:03	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 18:03	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 18:03	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 18:03	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-26 10:39	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}]
2011-08-25 07:15	50240	----a-w-	c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\***\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-04-03 4288048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-24 295512]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"WAHELPER.EXE"="c:\program files (x86)\WinArchiver\WAHELPER.EXE" [2013-04-16 480792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\DRIVERS\libusb0.sys [2006-08-27 31744]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 40464]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2012-02-07 51776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-04-19 736104]
R4 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S0 waemu;waemu;c:\windows\system32\Drivers\waemu.sys [2013-04-16 140184]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-05 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130426.001\IDSvia64.sys [2012-09-01 513184]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-19 2320920]
S2 WinArchiver Service;WinArchiver Service;c:\program files (x86)\WinArchiver\WAService.exe [2013-04-16 202264]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-02-16 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2012-02-01 694376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 04:30	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:52]
.
2013-04-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001Core.job
- c:\users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 16:11]
.
2013-04-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-694020154-2073930874-1152709320-1001UA.job
- c:\users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 16:11]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 06:14]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 06:14]
.
2013-04-28 c:\windows\Tasks\Norton Security Scan for Antonio.job
- c:\progra~2\NORTON~2\Engine\351~1.10\Nss.exe [2012-01-19 00:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Free YouTube to MP3 Converter - c:\users\Antonio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-03-17 09:02; jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack; c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\il9pkm6c.default-1355332750268\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
FF - ExtSQL: 2013-03-24 17:35; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{6b9c3e37-fcbd-4834-a71a-fa45c106a001} - (no file)
URLSearchHooks-{88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file)
Toolbar-Locked - (no file)
Toolbar-!{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
Toolbar-!{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
Wow6432Node-HKCU-Run-Phrozen Mon_KP - c:\users\Antonio\AppData\Roaming\PhrozenSoft\PKLL\pkllagent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-!{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
WebBrowser-{6B9C3E37-FCBD-4834-A71A-FA45C106A001} - (no file)
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-694020154-2073930874-1152709320-1001\Software\SecuROM\License information*]
"datasecu"=hex:d3,88,71,78,4d,26,f0,4a,02,13,62,d7,e4,2a,c5,b1,d3,79,d6,ab,ef,
   17,b2,bb,0e,23,ed,47,4a,48,86,cf,96,a8,00,af,6f,6b,47,b3,19,5e,3f,cb,1c,09,\
"rkeysecu"=hex:2f,20,05,df,a2,92,8b,f3,ae,d7,c1,81,bf,ba,1a,b8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-30  17:46:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-30 15:46
.
Vor Suchlauf: 24 Verzeichnis(se), 363.897.495.552 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 367.439.040.512 Bytes frei
.
- - End Of File - - FBA43EE23448A065E29ECFC11A4952E7
         



So, thanks for your help, Task Manager and Regedit can be opened again. Is there anything else I need to do so that something like this doesn't happen again?

EDIT: Is everything fixed now? Because Task Manager and Regedit are working again?

Edited by DerAmpelmeis (30.04.2013 at 17:20)

30.04.2013, 17:44   #12
aharonov
/// TB Trainer
 



We are not quite done yet.


Note: User Account Control disabled

I see that User Account Control (UAC) is disabled on your system. Did you deliberately switch it off yourself?
From a security perspective, User Account Control should be left switched on, even if it is sometimes a bit tedious.

I recommend that you re-enable it by following these instructions.



Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

:commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread.



Step 2

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




Step 3


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset




Step 4

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Post its contents here.



In your next reply, please post:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
__________________
cheers,
Leo

30.04.2013, 18:13   #13
DerAmpelmeis
 



Here is the first step for now:

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-694020154-2073930874-1152709320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10510 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 16651894 bytes
->Flash cache emptied: 56468 bytes
 
User: All Users
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 20831573 bytes
->Java cache emptied: 2453878 bytes
->FireFox cache emptied: 14229954 bytes
->Google Chrome cache emptied: 424766567 bytes
->Opera cache emptied: 87447715 bytes
->Flash cache emptied: 56996 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59549321 bytes
->Flash cache emptied: 57345 bytes
 
User: ***
->Temp folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 331762503 bytes
->Flash cache emptied: 56468 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95538 bytes
RecycleBin emptied: 210726 bytes
 
Total Files Cleaned = 914,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04302013_185113

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
The others will follow!

What exactly went wrong on my system for something like this to happen?

Step 2:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
*** :: ***-PC [Administrator]

30.04.2013 19:10:55
mbam-log-2013-04-30 (19-10-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335752
Laufzeit: 4 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite (Keylogger.PKL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\***\Desktop\PhrozenKeyloggerLite1-0R2_setup.exe (Keylogger.PKL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phrozen Keylogger Lite\Phrozen Keylogger Lite.lnk (Keylogger.PKL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Step 3:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7882294819b98e4686002bf492078684
# engine=13729
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-30 09:28:42
# local_time=2013-04-30 11:28:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 23882549 23882549 0 0
# compatibility_mode=3591 16777213 100 95 2391641 129953907 0 0
# compatibility_mode=5893 16776574 100 94 23887466 118987172 0 0
# scanned=386674
# found=1
# cleaned=0
# scan_time=13537
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Users\Antonio\Desktop\REST!!\Alte Firefox-Daten\extensions\plugin@yontoo.com\content\overlay.js"
         
Step 4:

Code:
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1) 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
So, I've done everything. Is my system clean again now?

30.04.2013, 22:47   #14
aharonov
/// TB Trainer
 



Hi,

yes, that looks good again. I can't tell you what exactly happened there either.
Let's clean up.


Step 1

Your Flash Player is outdated. Install the current version as follows:
  • Visit this Adobe page.
  • If applicable, untick McAfee Security Scan or Google Chrome.
  • Click Download now and install the latest version.

Then use this plugin check to verify that all the versions you use are now up to date, and update them otherwise.



Cleanup

Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are also important and should be carried out in the order given.
  1. If defogger was used at the beginning, start defogger and press the Re-enable button.
  2. If Combofix was used, temporarily disable the antivirus program now, rename the "Combofix" in the file name of the Combofix.exe on the desktop to Uninstall, and run it with a double-click.
  3. As for MBAM, I would strongly recommend keeping it and running a quick scan weekly. If you don't want to keep using it, you can now uninstall it normally via the Control Panel.
  4. You can also keep the ESET Online Scanner to scan your system with it now and then (monthly) for a second opinion. If you want to uninstall ESET, you can likewise do that via the Control Panel.
  5. In any case, please download DelFix to your desktop.
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • DelFix removes, among other things, all the programs we used and then deletes itself.
  6. If anything is still left over now, you can simply delete it manually.




>> OK <<
We are done; your logs look clean to me at the moment.

Below I have put together a few notes and tips for you that should help ensure you won't need our help in the future.

After that, please give me brief feedback if there are no more problems or open questions from your side either, so that I can consider this topic resolved.




Epilogue: Tips, Dos & Don'ts

Keeping system and software up to date

The Windows operating system must always be up to date without exception. Make sure that automatic updates are enabled:
  • Windows XP: Start --> Control Panel --> double-click Automatic Updates
  • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off

The installed software should also always be the latest version.
This applies especially to the browser, Java, Flash Player and PDF reader, because known security vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
  • With this small plugin check you can regularly check these components to see whether they are up to date.
  • Also make sure that old versions that are no longer used are uninstalled.
  • Optional: The program Secunia Personal Software Inspector can help you always use the current versions of all installed software.

Security software

A remark up front: every software solution has its weaknesses. Handing over the entire responsibility for security to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file).
Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
  • Use a virus scanner with a background guard and an always up-to-date database. Which product is chosen does not play such a decisive role. There are commercial versions, but a free scanner with the basic functions, such as Avast! Free Antivirus, should be sufficient. But never run two guards in parallel; they would get in each other's way.
  • Enable a firewall. The one built into Windows is normally entirely sufficient.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand anti-malware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: The program Sandboxie runs applications in an isolated environment ("sandbox") so that no changes can be made to the system. If you start your browser in it, the chance that malware picked up while surfing can establish itself permanently in the system is reduced.
  • Optional: The add-on WOT (web of trust) warns you about a website reported as harmful before it is loaded. Available for various browsers.

It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader).
Instead of Internet Explorer, for example, you can use Mozilla Firefox, for which there are two useful add-ons to recommend:
  • NoScript by default prevents the execution of active content (Java, JavaScript, Flash, ..) for all websites. Following the principle of a whitelist, you can decide for yourself which sites you want to trust and allow scripts on, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides being annoying, such banners can also act as sources of infection.

(Un)safe behaviour on the Internet

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves.

Merely visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.
  • Illegal cracks, keygens and serials are an extremely easy (and popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside is really what the label says.

Often, more or less tricky methods are also used to get the user to carry out an action themselves that is disastrous for them (umbrella term: social engineering).
  • Surf with caution and don't let elements that somehow seem interesting tempt you into a hasty click. Don't be fooled by pop-ups that look like system or virus messages.
  • Be sceptical of unexpected e-mails, especially if they contain attachments. Even if they seem authentic at first glance, contain personal data of yours or supposedly come from a known sender: better to think it over calmly once more or ask, rather than simply opening links or executable attachments or entering your data somewhere.
  • Harmful links or files can also do the rounds on social networks or via instant messaging systems. If you receive a message from one of your friends that is strange or sounds so sensationally interesting or scandalous that one simply has to click on it, then curiosity has probably won out over reason for him/her and you should not make the same mistake.
  • Have file extensions displayed so that you are not fooled when an executable file is disguised by a double file extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user themselves.
  • As first priority, always download software directly from the manufacturer. Many software portals (e.g. Softonic) pack additional useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and untick all optionally offered toolbars or other additions irrelevant to the program.

General notes

Finally, a few more fundamental remarks:
  • Your user account for everyday use should not have administrator rights. Use an account with restricted rights (Windows XP) or enable User Account Control (UAC) at the highest level (Windows Vista / 7).
  • Regularly create backups of your data and documents on external storage media, at least two copies for important files. Not only a malware infection can result in painful data loss, but also an ordinary hard disk failure.
  • The Autorun/Autoplay function poses a risk because it makes it possible, for example, for the infection to jump to the computer when an accordingly infected USB stick is plugged in. Consider whether you would not rather disable this function.
  • Choose your passwords according to the common rules in order to be better armed against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for improving performance is disputed. In any case, they can do great damage if you don't know what you are doing. We therefore recommend keeping your hands off the registry. To delete the temporary files from time to time, TFC is sufficient.

If you like, you can support the forum with a small donation.
All that remains for me is to wish you carefree and safe surfing, and that we don't see each other here again any time soon.
__________________
cheers,
Leo
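The double-extension tip in the post above, as an added example that is not part of the original thread: a Python check that flags file names of the form name.decoy.executable and reports what Explorer would list with extensions hidden. The extension lists, function names and sample paths are assumptions constructed for the illustration; only the file name Nacktfoto.jpg.exe comes from the post.

```python
import os
from pathlib import PureWindowsPath

# Extensions Windows runs directly or hands to a script host
# (illustrative list chosen for this example, not exhaustive).
EXECUTABLE_EXTS = frozenset({
    "exe", "scr", "com", "pif", "bat", "cmd", "msi", "lnk",
    "js", "jse", "vbs", "vbe", "wsf", "hta", "ps1",
})
# Extensions a user expects to be a harmless picture, document or archive.
DECOY_EXTS = frozenset({
    "jpg", "jpeg", "png", "gif", "bmp", "pdf", "txt", "rtf",
    "doc", "docx", "xls", "xlsx", "mp3", "mp4", "avi", "zip",
})


def check_name(path):
    """Return a finding dict for '<name>.<decoy>.<executable>', else None."""
    # Only the file name matters; tolerate trailing dots and spaces.
    name = PureWindowsPath(path).name.rstrip(". ")
    parts = name.split(".")
    if len(parts) < 3:  # need a stem plus two extensions
        return None
    decoy = parts[-2].strip().lower()
    real = parts[-1].strip().lower()
    if real not in EXECUTABLE_EXTS or decoy not in DECOY_EXTS:
        return None
    return {
        "path": str(path),
        "real_type": real,
        "decoy": decoy,
        # What a file listing shows when known extensions are hidden.
        "shown_when_hidden": name[: name.rfind(".")].rstrip(),
    }


def audit(paths):
    """Check an iterable of paths and return only the findings."""
    return [finding for p in paths if (finding := check_name(p))]


def scan_tree(root):
    """Walk a directory tree and audit every file name in it."""
    found = []
    for folder, _dirs, files in os.walk(root):
        found.extend(audit(os.path.join(folder, f) for f in files))
    return found


# Constructed sample listing (not taken from the thread's logs).
SAMPLE_LISTING = [
    r"C:\Users\test\Downloads\Nacktfoto.jpg.exe",
    r"C:\Users\test\Downloads\Rechnung.PDF .Exe",
    r"C:\Users\test\Downloads\Urlaub.jpg",
    r"C:\Users\test\Downloads\setup-1.2.exe",
    r"C:\Users\test\Documents\report.final.docx",
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_LISTING):
        print(f"{hit['path']}: listed as '{hit['shown_when_hidden']}', "
              f"really .{hit['real_type']}")
```

Version numbers such as setup-1.2.exe are not flagged, because the part before the executable extension is not a document or media extension.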

01.05.2013, 10:16   #15
DerAmpelmeis
 



Here is the last log, from DelFix:

Code:
# DelFix v10.2 - Datei am 01/05/2013 um 11:08:33 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Benutzer : *** - ***-PC

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\_OTL
Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\***\Desktop\adwcleaner.exe
Gelöscht : C:\Users\***\Desktop\Defogger.exe
Gelöscht : C:\Users\***\Desktop\defogger_enable.log
Gelöscht : C:\Users\***\Desktop\HijackThis.exe
Gelöscht : C:\Users\***\Desktop\OTL.exe
Gelöscht : C:\Users\***\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
Gelöscht : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #372 [ComboFix created restore point | 05/01/2013 09:06:32]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
         
Okay, so I did everything you said. Only, just now my C:\ was locked? I then unlocked it for myself again in the administrator account (gave myself the rights). I have one more question: was something like this more likely the work of a virus or a program error? (After I had uninstalled everything [the toolbars], it worked again.) Is the restore point that DelFix created now a completely clean point? Otherwise, a big thank-you to you at Trojaner-Board for having such good helpers, and hopefully this doesn't happen again, because then I know where I have to go. Thank you all.

EDIT: If I now want to look for leftovers, where do I have to look? (file paths)

EDIT2: Are there any programs I can use to delete unused files and folders? Or so that my PC itself maybe runs a bit faster?

EDIT3: I searched my C:\ drive with Everything for OTL etc. and found one more folder from Gmer (I think it comes from that because of the "AppHang_gmer_2.1.19169.e..."), and in it there is a file called "Report.wer". May I delete it? If so, have the other programs also left behind such folders or files, and where do I have to look for them? [See EDIT:]
Code:
C:\Users\***\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_gmer_2.1.19163.e_b12896ccdb18929833cd696511d80a27d7c236_19fd0072
         

Last edited by DerAmpelmeis (01.05.2013 at 10:56)
