
Pests of All Kinds and How to Fight Them: TR/ATRAPS.Gen2 and W32/Patched.UC found

09.05.2013, 14:55   #1
Sniperwurst

A wonderful good day to you,

I too have fallen victim and now depend on professional help.

Avira frequently finds:

W32/Patched.UC

TR/ATRAPS.Gen2

I also have this path:

C:\Windows\Installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000064.@

As a normal reaction I started Malwarebytes / Spybot, and they show the same problem.

And since I found out on the Internet that this Trojan is somewhat persistent, I hope that I can work on my PC again here with a positive thought.

And one question: does the Trojan have any effect on my D drive?

Thank you in advance!

Kind regards

Sniperwurst

09.05.2013, 16:05   #2
smeenk
/// Malwareteam / Visitor

Hi Sniperwurst

I am Smeenk and I will try to help you.


System scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users, please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    chromelook;
    autoclean;
    startupall;
    filesrcm;
    firefoxlook;

  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.

Please post everything in CODE tags here if possible: [code] Your log here [/code]


09.05.2013, 18:28   #3
Sniperwurst

Sooo, before I started on your instructions, Kaspersky got another chance to show what it can do, and after a full scan (restart, and checked with Malwarebytes) it has apparently removed all viruses or the like!!! Yaaay

Should I still do your steps??

Regards

Sniperwurst

09.05.2013, 18:32   #4
smeenk
/// Malwareteam / Visitor

You can give it a try.

Maybe Zoek will still delete/show some leftovers.

09.05.2013, 19:03   #5
Sniperwurst

Okay, thank you for your help anyway, and if I do run into problems after all, I'll get in touch!!

Kind regards

Sniperwurst


09.05.2013, 19:51   #6
smeenk
/// Malwareteam / Visitor

OK, I'm curious.

11.05.2013, 10:18   #7
Sniperwurst

So, after a 1-2 day "break", my Malwarebytes did strike again after all. So I will now simply follow your instructions so that you can destroy the rest. Provided it works. (It would have been too good to be true if everything were gone.)

Code:
Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Yannick on 11.05.2013 at 10:26:24,48.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results11.05.2013-1022.log	212 bytes

==== Possible Rootkit Infection ======================

C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L\00000004.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\00000004.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\00000008.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000000.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000032.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000064.@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{649EEE5D-0087-4F3E-8EBD-550A99AFA562} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default

---- Lines BabylonToolbar removed from prefs.js ----


---- Lines BabylonToolbar modified from prefs.js ----


---- Lines BabylonToolbar removed from user.js ----


---- Lines delta removed from prefs.js ----


---- Lines delta modified from prefs.js ----


---- Lines delta removed from user.js ----


---- Lines funmoods removed from prefs.js ----


---- Lines funmoods modified from prefs.js ----


---- Lines funmoods removed from user.js ----


---- Lines incredibar removed from prefs.js ----


---- Lines incredibar modified from prefs.js ----


---- Lines incredibar removed from user.js ----


---- Lines searchya removed from prefs.js ----


---- Lines searchya modified from prefs.js ----


---- Lines searchya removed from user.js ----


---- Lines CT2269050 removed from prefs.js ----


---- Lines CT2269050 modified from prefs.js ----


---- Lines CT2269050 removed from user.js ----


---- Lines mystart removed from prefs.js ----


---- Lines mystart modified from prefs.js ----


---- Lines mystart removed from user.js ----


---- Lines iminent removed from prefs.js ----


---- Lines iminent modified from prefs.js ----


---- Lines iminent removed from user.js ----


---- Lines search.com removed from prefs.js ----


---- Lines search.com modified from prefs.js ----


---- Lines search.com removed from user.js ----


---- Lines imbooster removed from prefs.js ----


---- Lines imbooster modified from prefs.js ----


---- Lines imbooster removed from user.js ----


---- Lines defaulttab removed from prefs.js ----


---- Lines defaulttab modified from prefs.js ----


---- Lines defaulttab removed from user.js ----


---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from prefs.js ----


---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 modified from prefs.js ----


---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from user.js ----


---- FireFox user.js and prefs.js backups ---- 

user__1035_.backup
prefs__1035_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\delta.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\addon@defaulttab.com.xpi" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" not deleted
"C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted
"C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted
"C:\END" deleted
"C:\Windows\Launcher.exe" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\browsemngr.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\BrowserProtect.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\babylon.xml" not deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\askcom.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\search-here-1.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\search-here.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\bProtector_extensions.rdf" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\bprotector_extensions.sqlite" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\bprotector_prefs.js" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\addon@defaulttab.com.xpi" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L\00000004.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L\201d3dde" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L\76603ac3" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\00000004.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\00000008.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000000.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000032.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000064.@" deleted
"C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe" deleted
"C:\Program Files (x86)\Protected Search\InstallHelper.dll" deleted
"C:\Program Files (x86)\Protected Search\ProtectedSearch.exe" deleted
"C:\Program Files (x86)\Protected Search\System.Data.SQLite.dll" deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-20.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U" deleted
"C:\Program Files (x86)\Delta" deleted
"C:\Program Files (x86)\FilesFrog Update Checker" deleted
"C:\Program Files (x86)\DefaultTab" deleted
"C:\Program Files (x86)\GoforFiles" deleted
"C:\Program Files (x86)\Protected Search" deleted
"C:\Users\Yannick\AppData\Roaming\OCS" deleted
"C:\Users\Yannick\AppData\Roaming\DesktopIconForAmazon" deleted
"C:\Users\Yannick\AppData\Roaming\GoforFiles" deleted
"C:\Users\Yannick\AppData\Roaming\B1Toolbar" deleted
"C:\Users\Yannick\AppData\Roaming\DealPly" deleted
"C:\Users\Yannick\AppData\Roaming\DefaultTab" deleted
"C:\Users\Yannick\AppData\Roaming\Delta" deleted
"C:\Users\Yannick\AppData\Roaming\YourFileDownloader" deleted
"C:\Users\Yannick\AppData\Roaming\Media Finder" deleted
"C:\ProgramData\BrowserProtect" not deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder" deleted
"C:\Users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly" deleted
"C:\Users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect" deleted
"C:\Users\Yannick\AppData\Local\B1E" deleted
"C:\Users\Yannick\AppData\Local\PackageAware" deleted
"C:\Users\Yannick\AppData\Local\SwvUpdater" deleted
"C:\Users\Yannick\AppData\LocalLow\Delta" deleted
"C:\Users\Yannick\AppData\LocalLow\SimplyTech" deleted
"C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}" deleted
"C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\jetpack" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\CT2269050" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\ffxtlbr@delta.com" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\CT2269050" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\ffxtlbr@delta.com" deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content" not deleted

==== Files Recently Created / Modified ======================

2013-04-30 13:56:38	8C3D32A4A46326031309A43C52539D7F	1400416	----a-w-	C:\Windows\Sysnative\ieapfltr.dat
2013-04-30 13:56:38	8C1EFE99D4C9462EF2E10E7140B44D4A	855552	----a-w-	C:\Windows\Sysnative\jscript.dll
2013-04-30 13:56:38	85F1FE2D5EDBFD26066F5ABB9504A69C	2647040	----a-w-	C:\Windows\Sysnative\iertutil.dll
2013-04-30 13:56:38	82F604599DE379AA539EE2DF48399DC5	67072	----a-w-	C:\Windows\Sysnative\iesetup.dll
2013-04-30 13:56:38	82D602EBBBA6D08E4691F32269FD3494	12800	----a-w-	C:\Windows\Sysnative\msfeedssync.exe
2013-04-30 13:56:38	7EC25F7ABF7CE6B0FE93787524EE537B	452096	----a-w-	C:\Windows\Sysnative\dxtmsft.dll
2013-04-30 13:56:38	753C0848AE7872A3F59663078A517293	2240512	----a-w-	C:\Windows\Sysnative\wininet.dll
2013-04-30 13:56:38	658E8FEC79A4AB5BFDE032627B5C9667	13824	----a-w-	C:\Windows\Sysnative\mshta.exe
2013-04-30 13:56:38	63CAE56FE4215F98FEB0188748A99378	52224	----a-w-	C:\Windows\Sysnative\msfeedsbs.dll
2013-04-30 13:56:38	5B15164486C66B76699E1CD2CD2F3A2A	51200	----a-w-	C:\Windows\Sysnative\imgutil.dll
2013-04-30 13:56:38	4E426A67C46379B75A5E671B46FC07F6	102912	----a-w-	C:\Windows\Sysnative\inseng.dll
2013-04-30 13:56:38	4CFBEC37E4FAD530E623E1541E1EA958	599552	----a-w-	C:\Windows\Sysnative\vbscript.dll
2013-04-30 13:56:38	440104AEB9DAF8AC9842080AE59740FA	77312	----a-w-	C:\Windows\Sysnative\tdc.ocx
2013-04-30 13:56:38	40738329209CBE2C9B48F7E30F7C1414	144896	----a-w-	C:\Windows\Sysnative\wextract.exe
2013-04-30 13:56:38	402D797A7905DC3C6FE11E75CD5252EB	235008	----a-w-	C:\Windows\Sysnative\url.dll
2013-04-30 13:56:38	394ECD933CD66BADF97EA85A183B9E1E	19230208	----a-w-	C:\Windows\Sysnative\mshtml.dll
2013-04-30 13:56:38	38BEBBC4CF9FE6566262F0037DF843BF	136704	----a-w-	C:\Windows\Sysnative\iesysprep.dll
2013-04-30 13:56:38	2AAE2B8FED8390879C2369FC63F7001F	97280	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2013-04-30 13:56:38	29812E9971077BE3F8B9DC225CF9D454	1365504	----a-w-	C:\Windows\Sysnative\urlmon.dll
2013-04-30 13:56:38	268E23EAEDF3FAF87A7A87F0257C9E87	603136	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2013-04-30 13:56:38	23556D116D5FB93395B2A648EEB24251	81408	----a-w-	C:\Windows\Sysnative\icardie.dll
2013-04-30 13:56:38	1FF56AC32B38A94C3C88497BD6E00C96	25185	----a-w-	C:\Windows\Sysnative\ieuinit.inf
2013-04-30 13:56:38	1C3C4D34DCF354620B76B42620B4DFAD	526336	----a-w-	C:\Windows\Sysnative\ieui.dll
2013-04-30 13:56:38	194125E7839D4902F2490A70049E8F78	53248	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2013-04-30 13:56:38	18A94D6E9D27D169D38DAB91F6A97518	136192	----a-w-	C:\Windows\Sysnative\iepeers.dll
2013-04-30 13:56:38	1456EECCB5CF6B91513200F95D61706E	762368	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2013-04-30 13:56:38	112183DF91C9BAECB498E4A86ECDE598	216064	----a-w-	C:\Windows\Sysnative\msls31.dll
====== C:\Windows\Sysnative\drivers =====
2013-05-08 15:06:16	0BB97D43299910CBFBA59C461B99B910	25928	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2013-05-08 13:19:37	4BDDB42CB6BF46452FA7155EA5381576	83160	----a-w-	C:\Windows\Sysnative\drivers\avnetflt.sys
2013-04-24 12:00:48	B98F8C6E31CD07B2E6F71F7F648E38C0	1656680	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
2013-04-11 12:40:23	8F6322049018354F45F05A2FD2D4E5E0	223752	----a-w-	C:\Windows\Sysnative\drivers\fvevol.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-05-10 17:55:36	--------	d-----w-	C:\Program Files\Image-Line
2013-05-08 13:33:05	--------	d-----w-	C:\Program Files\Common Files\Wondershare
======= C:\Program Files (x86) =====
2013-05-10 17:56:15	--------	d-----w-	C:\Program Files (x86)\ASIO4ALL v2
2013-05-10 17:55:51	--------	d-----w-	C:\Program Files (x86)\VstPlugins
2013-05-10 17:55:27	--------	d-----w-	C:\Program Files (x86)\DSPRobotics
2013-05-10 17:52:59	--------	d-----w-	C:\Program Files (x86)\Image-Line
2013-05-09 13:25:48	--------	d-----w-	C:\Program Files (x86)\Kaspersky Lab
2013-05-08 14:59:36	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-08 13:39:19	--------	d-----w-	C:\Program Files (x86)\Free HD Converter
2013-05-08 13:32:46	--------	d-----w-	C:\Program Files (x86)\Wondershare
2013-05-07 12:31:00	--------	d-----w-	C:\Program Files (x86)\GutscheinFinder
2013-05-07 12:30:54	--------	d-----w-	C:\Program Files (x86)\HomeTab
2013-05-07 12:30:43	--------	d-----w-	C:\Program Files (x86)\Browser Updater
2013-05-07 12:17:00	--------	d-----w-	C:\Program Files (x86)\Covus Freemium
2013-04-28 13:06:19	--------	d-----w-	C:\Program Files (x86)\MSI Afterburner
2013-04-27 18:37:09	--------	d-----w-	C:\Program Files (x86)\Red Kawa
2013-04-11 13:02:43	--------	d-----w-	C:\Program Files (x86)\Cheat Engine 6.2
======= C: =====
====== C:\Users\Yannick\AppData\Roaming ======
2013-05-10 17:58:30	--------	d-----w-	C:\users\Yannick\AppData\Roaming\SongManager
2013-05-10 17:56:15	--------	d-----w-	C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2013-05-10 17:55:37	--------	d-----w-	C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-05-10 17:55:37	--------	d-----w-	C:\users\Yannick\AppData\Roaming\Image-Line
2013-05-10 17:55:27	--------	d-----w-	C:\users\Yannick\AppData\Roaming\FlowStone
2013-05-10 14:36:52	--------	d-----w-	C:\users\Yannick\AppData\Roaming\Sony Creative Software Inc
2013-05-08 14:40:13	--------	d-----w-	C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-05-08 13:33:32	--------	d-----w-	C:\users\Yannick\AppData\Roaming\Wondershare Video Converter Ultimate
2013-05-08 13:33:16	--------	d-----w-	C:\users\Yannick\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2013-05-08 13:33:06	--------	d-----w-	C:\users\Yannick\AppData\Local\Wondershare
2013-05-07 12:30:54	--------	d-----w-	C:\users\Yannick\AppData\Roaming\SimplyTech
2013-05-07 12:30:54	--------	d-----w-	C:\users\Yannick\AppData\Roaming\HomeTab
2013-05-07 12:30:52	--------	d-----w-	C:\users\Yannick\AppData\Locallow\HomeTab
2013-05-07 12:14:14	--------	d-----w-	C:\users\Yannick\AppData\Local\DownloadGuide
2013-04-28 13:06:26	--------	d-----w-	C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2013-04-27 18:37:33	--------	d-----w-	C:\users\Yannick\AppData\Local\Geckofx
2013-04-11 16:16:39	--------	d-----w-	C:\users\Yannick\AppData\Locallow\Google
====== C:\Users\Yannick ======
2013-05-10 17:55:36	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-05-09 13:25:48	--------	d-----w-	C:\ProgramData\Kaspersky Lab
2013-05-09 13:04:25	--------	d-----w-	C:\ProgramData\Kaspersky Lab Setup Files
2013-05-08 14:59:48	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2013-05-08 14:59:43	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2013-05-08 14:40:22	--------	d-----w-	C:\Users\Yannick\Local Settings
2013-05-08 14:40:18	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2013-05-08 13:36:38	--------	d-----w-	C:\ProgramData\xml_param
2013-05-08 13:32:49	--------	d-----w-	C:\ProgramData\Wondershare Video Converter Ultimate
2013-05-07 12:17:00	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
2013-05-07 12:17:00	--------	d-----w-	C:\ProgramData\FreeSystemUtilities
2013-04-27 18:37:10	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa
2013-04-11 16:30:45	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942
2013-04-11 16:16:27	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2013-04-11 13:02:45	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
2013-04-11 13:02:34	--------	d-----w-	C:\ProgramData\BrowserProtect

====== C: exe-files ==
2013-05-10 17:58:26	7BC34350BC675C40D6A246A4ED764B70	375220	----a-w-	C:\Program Files (x86)\VstPlugins\Image-Line\Deckadance2\Uninstall.exe
2013-05-10 17:56:15	27F9C23AF8DB5E8205607B2988FC0D0C	44702	----a-w-	C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
2013-05-10 17:55:37	2A0E2D81052B016C84CC80D12F7FB818	426976	----a-w-	C:\Program Files (x86)\Image-Line\Downloader\Uninstall.exe
2013-05-10 17:55:28	E3420E1FE7444CABA7D02E126BC6E9CD	718885	----a-w-	C:\Program Files (x86)\Image-Line\FL Studio 11\Uninstall.exe
2013-05-10 17:55:27	967CA03D349C4ECE12B8597EFAC46080	61799	----a-w-	C:\Program Files (x86)\DSPRobotics\FlowStone\uninstall fl version.exe
2013-05-10 17:53:01	D63F6F89B6650B28C6CB74682D596E3F	368815	----a-w-	C:\Program Files (x86)\Image-Line\Shared\Uninstall.exe
2013-05-10 17:32:37	E94E642DC1D35E257032FCBF73CC1082	307359850	----a-w-	C:\Users\Yannick\AppData\Local\Temp\OCS\Downloads\705f49176579a643660bff5ff6ae3956\28d1ba05ae70cdae8139822b64f69df6\fl11.exe
2013-05-10 17:32:17	5B122B28A113E7CB9250E260EB23D173	339968	----a-w-	C:\Users\Yannick\AppData\Local\Temp\OCS\ocs_v7a.exe
2013-05-10 17:32:01	8FAA9B80DB43F5F5A01802D080B00BF0	613216	----a-w-	C:\Users\Yannick\Downloads\fl11.exe
2013-05-10 14:03:17	FC646896BAB849F86A5FC6282D4E3DAD	393040	----a-w-	C:\Users\Yannick\Downloads\SoftonicDownloader_fuer_vegas-pro.exe
2013-05-10 13:18:27	417E02108D0B7CC4EA7790C8609C739C	61345792	----a-w-	C:\Users\Yannick\Documents\MAGIX Downloads\Installationsmanager\Video_deluxe_2013_Premium_DvdMenus1_INT_120821_13-23_1_0_0_0.exe
2013-05-10 13:14:03	78B0F491DA6D87AB2F451500FE5F82CE	140203840	----a-w-	C:\Users\Yannick\Documents\MAGIX Downloads\Installationsmanager\Video_deluxe_2013_Premium_FadeEffects_INT_120821_13-39_1_0_0_0.exe
2013-05-08 14:59:42	CB63BDB77BB86549FC3303C2F11EDC18	168384	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
2013-05-08 14:59:41	E3947C81667D9A6957379C7AC1878700	3044904	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPrepPos.exe
2013-05-08 14:59:41	A529CFE32565C0B145578FFB2B32C9A5	1369624	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
2013-05-08 14:59:41	452DB84283EB2F043827AC95D62CE19C	3487240	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
2013-05-08 14:59:40	E5B08C76D70149D83C70524BD6A9BB2A	3208736	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDBootCD.exe
2013-05-08 14:59:40	6DA79FBD5004D058822D7FFB4E6FC668	4939800	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSBIEdit.exe
2013-05-08 14:59:40	3DF5CA3E4BDA7354D908C96536F20BD0	2768416	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPEStart.exe
2013-05-08 14:59:40	2184F839E2CE175323326E24E4926EEC	3984912	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
2013-05-08 14:59:40	215DB59AE80A17F6603F1ED56890A944	222744	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPESetup.exe
2013-05-08 14:59:40	1E5AEF78349B28B346C7F8B96C46143E	4201504	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScript.exe
2013-05-08 14:59:39	E4A0900CF535888DDD85B10040CA3E34	3906584	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
2013-05-08 14:59:39	E4A0900CF535888DDD85B10040CA3E34	3906584	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
2013-05-08 14:59:39	DF90E955A74D16DF44BDD08BA9F815E4	204896	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFileScanHelper.exe
2013-05-08 14:59:39	36A82C214B46787385F3B0CD02ECAA88	3653656	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
2013-05-08 14:59:39	23948829C6D049B8ADE0E0FB87305AC3	17272	----a-w-	C:\Windows\System32\sdnclean64.exe
2013-05-08 14:59:39	206387AB881E93A1A6EB89966C8651F1	1103392	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
2013-05-08 14:59:39	1B2B3215F4B6B735813844AC1769E239	3713032	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
2013-05-08 14:59:39	08EAD3366AB556F9C014EE6A0AD3FB75	3828768	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
2013-05-08 14:59:38	B5A4EBA9487F08BECC843A87422B8052	3825176	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
2013-05-08 14:59:38	79A1D2AAB399849D0307325D24C2595A	3764248	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe
2013-05-08 14:59:38	1E95079AFDB035878460D797BE585D3D	3500568	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
2013-05-08 14:59:37	92161F1EE9DF9F7F5E4A0FF553055C46	3211288	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDShred.exe
2013-05-08 14:59:37	3492434F098E2DD918F264CF0042B1E0	3571224	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSysRepair.exe
2013-05-08 14:59:37	046606A36202B6C15D515F3FFD800391	2876984	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPRE.exe
2013-05-08 14:59:36	DA15D9D80D2E27845C2C6A8F8CCE644A	2710040	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
2013-05-08 14:59:36	98F2272A7D1BA8E3155FBEA167BCC613	91648	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\xcacls.exe
2013-05-08 14:59:36	43EA4CE22183E3E76BE235A459F376B0	3495464	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPhoneScan.exe
2013-05-08 14:59:36	3EA8740BD2371CC255EF46D8500C8A43	1265480	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe
2013-05-08 14:59:36	30665EF9A00E926D2FC81398616EBB21	4494368	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
2013-05-08 14:59:36	23132C88F03BAE38A3C62468ABFD63D2	132120	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\blindman.exe
2013-05-08 14:59:36	0B8FB4EFC5518BEF358E684F4C2D397A	3397648	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe
2013-05-08 14:40:22	92C732231B7909EDEFF180174C6EF499	230480	----a-w-	C:\Users\Yannick\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
2013-05-08 13:39:51	D2D875CBED2C746D7D06282A9415089B	77477	----a-w-	C:\Program Files (x86)\Free HD Converter\Uninstall.exe
2013-05-08 13:33:47	7F5973607C528C4357C3E65E3DF0B882	18084936	----a-w-	C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\Temp\player_full1374.exe
2013-05-08 13:33:05	F14E3661A1383E7F03905054EF1F8AA0	1742624	----a-w-	C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
2013-05-08 13:33:05	DC328AA9CD4A1D0507399478E5242BC2	2136576	----a-w-	C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\UpLoad.exe
2013-05-08 13:33:05	A4A1B98720FA70874D30DE97F079F516	723294	----a-w-	C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe
2013-05-08 13:19:37	ADA0D1407E2C328FB95686E9D5AB88B5	111328	----a-w-	C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe
2013-05-08 13:19:37	5FF8FFD589DA25F43C4FE944A4B2AE0A	775224	----a-w-	C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
2013-05-08 13:17:03	8C2C2E5119E844B43085CBC73106754B	597560	----a-w-	C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
2013-05-08 13:17:03	22DC787A09D2EC7E3F1138A26C41083C	46960	----a-w-	C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
2013-05-07 12:31:00	154C739D234C8A0C1050E1A7745B5DEE	47467	----a-w-	C:\Program Files (x86)\GutscheinFinder\Uninst.exe
2013-05-07 12:30:55	FD7C8C48FE5391462962B16AA1401BF4	4608	----a-w-	C:\Program Files (x86)\HomeTab\ToolbarUninstall.exe
2013-05-07 12:30:54	5C3D3175BF94A9F7BD5978F4E1E6A84E	1180061	----a-w-	C:\Program Files (x86)\HomeTab\unins000.exe
2013-05-07 12:30:43	F9F626ECEB08B648829C73C6B79A6F9F	13824	----a-w-	C:\Program Files (x86)\Browser Updater\TaskSchedulerCreator.exe
2013-05-07 12:30:43	AF48FF0B0F98FAC08ADBFE9E3F0CD726	1183089	----a-w-	C:\Program Files (x86)\Browser Updater\unins000.exe
2013-05-07 12:16:43	EAB530CF752823049115CD4A8E526DBE	432200	------w-	C:\ProgramData\Package Cache\{f8cd9221-848c-45fb-a509-fa75dea3a22f}\free-system-utilities_Setup_product-website.exe
2013-05-07 12:16:13	CE7A9FD0AE36639AD8DEAAA7B997D4DA	526080	----a-w-	C:\Users\Yannick\AppData\Local\DownloadGuide\Offers\gutscheincodes.exe
2013-05-07 12:16:11	8DF7B1551E877F84476FBB3D52D42419	1164896	----a-w-	C:\Users\Yannick\AppData\Local\DownloadGuide\Offers\autocompletepro.exe
2013-05-07 12:16:09	2F46A2E37FB05642A0E859545D6B09F7	854848	----a-w-	C:\Users\Yannick\AppData\Local\DownloadGuide\Offers\iminent.exe
2013-05-07 12:15:43	5142B19EB991CEDEB67EBEEE455C16EA	12854872	----a-w-	C:\Users\Yannick\AppData\Local\DownloadGuide\FreeSystemUtilities.exe
2013-05-07 12:15:24	3A15ECD6D26800B98C6A7153222355C9	5136072	----a-w-	C:\Users\Yannick\AppData\Local\DownloadGuide\Offers\HomeTab.exe
=== C: other files ==
2013-05-10 13:46:49	C5999314C962E9259FD07880149FC038	21989	----a-w-	C:\Users\Yannick\Downloads\MVD 2013 Crack for boerse.bz.zip
2013-05-08 15:06:16	0BB97D43299910CBFBA59C461B99B910	25928	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-05-08 13:19:37	4BDDB42CB6BF46452FA7155EA5381576	83160	----a-w-	C:\Windows\System32\drivers\avnetflt.sys
2013-05-08 13:19:37	4BDDB42CB6BF46452FA7155EA5381576	83160	----a-w-	C:\Program Files (x86)\Avira\AntiVir Desktop\avnetflt.sys
2013-05-07 12:30:54	63F8CBFC591892AC457EA159D369A0A3	1002478	----a-w-	C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx
2013-05-04 19:12:10	A1225AE4117444D48FA35C014B03F296	9102591	----a-w-	C:\ProgramData\TrackMania\Cache\96F2034B015CA38FD4447411E45A22A1_ice-servers.info.tm%5crav%5cfuulspeed.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"SDP"="C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto "

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"SDP"="C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApnUpdater"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Ask.com\\Updater\\Updater.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ocs_SM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ocs_SM"
"hkey"="HKLM"
"command"="C:\\Users\\Yannick\\AppData\\Roaming\\OCS\\SM\\SearchAnonymizer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDFPrint]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDFPrint"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF24\\pdf24.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SweetIM"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\SweetIM\\Messenger\\SweetIM.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sweetpacks Communicator"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\update\\realsched.exe\"  -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinampAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\""


==== Startup Folders ======================

2013-01-21 16:45:31	2091	----a-w-	C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
2012-12-27 18:15:34	1064	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IEEE 802.11g USB Adapter Utility.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12.04.2013 16:58]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21.12.2012 14:59]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21.12.2012 14:59]
C:\Windows\tasks\SmartPCFix Task.job --a------ C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
- DealPly Shopping - %ProfilePath%\extensions\amo@dealplyshopping.com
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- GutscheinCodes.de GutscheinFinder - %ProfilePath%\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack
- Better Battlelog BBLog - %ProfilePath%\extensions\jid1-qQSMEVsYTOjgYA@jetpack
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
- HomeTab - %ProfilePath%\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
- FoxTab - %ProfilePath%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
F7E72D3A281F922BACEC1A71A826D4C2	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll -	Shockwave Flash
7D35CB60201CED2F01AE06F1816231E2	- C:\Windows\SysWOW64\npDeployJava1.dll -	Java Deployment Toolkit 7.0.100.18
FEF9ECECFA177AEC0F7564A08394D2C8	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -	RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -	RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -	RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -	RealDownloader Plugin
7C0C6F7B9C0CD4162D33276FDEBC86F7	- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll -	EA Battlefield Heroes Updater
2B737A92C7C327E48C735B3060DB85A8	- C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll -	PDF-XChange Viewer
6846D2CA7E1D5937AEE3F99BB7F5464B	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll -	Shockwave for Director / Shockwave for Director
BF6273472DCAD201B029131D4AC6DDE3	- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll -	Battlefield Play4Free Updater
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
didlmjkkjfegblmkekbhgpefajgikncm - C:\Program Files (x86)\GutscheinFinder\gutscheincodes.crx[19.03.2013 18:07]
djbdlklldbflagkkpaljamjfbpefcbpf - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[24.03.2013 05:22]
dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[]
hahpjplbmicfkmoccokbjejahjjpnena - C:\Users\Yannick\AppData\Local\B1E\B1Tool.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 21:35]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[]
pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[04.03.2013 14:32]

Google Drive - Yannick - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Yannick - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Yannick - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Yannick - Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
GutscheinCodes.de GutscheinFinder - Yannick - Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm
HomeTab - Yannick - Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf
Delta Toolbar - Yannick - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Improved Search - Yannick - Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena
Safe Money - Yannick - Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Yannick - Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
RealDownloader - Yannick - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Virtual Keyboard - Yannick - Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
SweetIM for Facebook - Yannick - Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
SmallringFX DarkBlue Theme - Yannick - Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk
SweetPacks Chrome Extension - Yannick - Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
BrowserProtect - Yannick - Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Gmail - Yannick - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Yannick - Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Chrome Fix ======================

C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page Before"="hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={983FCE92-5A59-11E2-B581-6CF0497AFA88}"
"Search Page"="hxxp://search.b1.org/?bsrc=4hixr&chid=c167991"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://newtab.certified-toolbar.com/nie?si=43169&tid=3580&st=newtab&ts=1367929852375&tguid=43169-3580-1367929845032-236673"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://newtab.certified-toolbar.com/nie?si=43169&tid=3580&st=newtab&ts=1367929852375&tguid=43169-3580-1367929845032-236673"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page Before"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Delta Search Url="hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=AEF000FF07B976A4"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hahpjplbmicfkmoccokbjejahjjpnena deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Yannick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Yannick\AppData\Local\Mozilla\Firefox\Profiles\5tuanbyy.default\Cache emptied successfully
C:\users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Yannick\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"  not found
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\babylon.xml"  deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-20.0.dll"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js"  not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul"  not found
"C:\ProgramData\BrowserProtect"  not found
         

11.05.2013, 12:08   #8
smeenk
/// Malwareteam / Visitor
 

ZeroAccess was still active on your computer.

Did you install GutscheinFinder deliberately?
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    C:\Windows\wininit.ini;f
    DealPly Shopping;firefoxlook;
    eooncjejnppfjjklapaamhcdmjbilmde;chr
    pgafcinpmmpklohkojmllohdhomoefph;chr
    HomeTab;firefoxlook;
    {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9};c
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator];r64
    C:\Windows\tasks\SmartPCFix Task.job;f
    C:\Program Files (x86)\SmartPCFix;fs
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM];r64
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater];r64
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ocs_SM];r64
    C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker;fs
    C:\Users\Yannick\AppData\Local\DownloadGuide;fs
    C:\Users\Yannick\Local Settings\Application Data\Bundled software uninstaller;fs
    C:\Users\Yannick\Downloads\SoftonicDownloader_fuer_vegas-pro.exe;f
    C:\Users\Yannick\Downloads\fl11.exe;f
    C:\users\Yannick\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A};fs
    C:\users\Yannick\AppData\Local\Wondershare;fs
    C:\Program Files (x86)\wondershare;fs
    C:\Program Files (x86)\Common Files\Wondershare;fs
    C:\users\Yannick\AppData\Roaming\SimplyTech;fs
    C:\users\Yannick\AppData\Roaming\HomeTab;fs
    C:\users\Yannick\AppData\Locallow\HomeTab;fs
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is finished, Notepad will open with the log file (possibly only after a reboot).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.

11.05.2013, 12:32   #9
Sniperwurst
 

Oh damn,

No, it was not intended that GutscheinFinder is on my PC!!!!!

Code:
Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Yannick on 11.05.2013 at 12:19:56,53.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results11.05.2013-1022.log	212 bytes
C:\zoek-results11.05.2013-1047.log	69032 bytes

==== Possible Rootkit Infection ======================

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ocs_SM] 

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\SmartPCFix" not found 
"C:\Program Files (x86)\Common Files\Wondershare" not found 
"C:\Windows\wininit.ini" deleted
"C:\Windows\tasks\SmartPCFix Task.job" deleted
"C:\Users\Yannick\Downloads\SoftonicDownloader_fuer_vegas-pro.exe" deleted
"C:\Users\Yannick\Downloads\fl11.exe" deleted
"C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker" deleted
"C:\Users\Yannick\AppData\Local\DownloadGuide" deleted
"C:\Users\Yannick\Local Settings\Application Data\Bundled software uninstaller" deleted
"C:\users\Yannick\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}" deleted
"C:\users\Yannick\AppData\Local\Wondershare" deleted
"C:\Program Files (x86)\Wondershare" deleted
"C:\users\Yannick\AppData\Roaming\SimplyTech" deleted
"C:\users\Yannick\AppData\Roaming\HomeTab" deleted
"C:\users\Yannick\AppData\Locallow\HomeTab" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
- DealPly Shopping - %ProfilePath%\extensions\amo@dealplyshopping.com
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- GutscheinCodes.de GutscheinFinder - %ProfilePath%\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack
- Better Battlelog BBLog - %ProfilePath%\extensions\jid1-qQSMEVsYTOjgYA@jetpack
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
- HomeTab - %ProfilePath%\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
- FoxTab - %ProfilePath%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
F7E72D3A281F922BACEC1A71A826D4C2	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll -	Shockwave Flash
7D35CB60201CED2F01AE06F1816231E2	- C:\Windows\SysWOW64\npDeployJava1.dll -	Java Deployment Toolkit 7.0.100.18
FEF9ECECFA177AEC0F7564A08394D2C8	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -	RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -	RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -	RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -	RealDownloader Plugin
7C0C6F7B9C0CD4162D33276FDEBC86F7	- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll -	EA Battlefield Heroes Updater
2B737A92C7C327E48C735B3060DB85A8	- C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll -	PDF-XChange Viewer
6846D2CA7E1D5937AEE3F99BB7F5464B	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll -	Shockwave for Director / Shockwave for Director
BF6273472DCAD201B029131D4AC6DDE3	- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll -	Battlefield Play4Free Updater
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Deleting Files \ Folders ======================

"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\amo@dealplyshopping.com" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
didlmjkkjfegblmkekbhgpefajgikncm - C:\Program Files (x86)\GutscheinFinder\gutscheincodes.crx[19.03.2013 18:07]
djbdlklldbflagkkpaljamjfbpefcbpf - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[24.03.2013 05:22]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 21:35]
pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[]

Google Drive - Yannick - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Yannick - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Yannick - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Yannick - Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
GutscheinCodes.de GutscheinFinder - Yannick - Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm
HomeTab - Yannick - Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf
Delta Toolbar - Yannick - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Safe Money - Yannick - Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Yannick - Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
RealDownloader - Yannick - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Virtual Keyboard - Yannick - Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
SmallringFX DarkBlue Theme - Yannick - Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk
BrowserProtect - Yannick - Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Gmail - Yannick - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Yannick - Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Chrome Fix ======================

C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph deleted successfully
         

11.05.2013, 12:50   #10
smeenk
/// Malwareteam / Visitor
 

  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    C:\Program Files (x86)\GutscheinFinder;fs
    C:\Program Files (x86)\Free HD Converter;fs
    C:\Program Files\Common Files\Wondershare;fs
    GutscheinCodes.de GutscheinFinder;firefoxlook;
    chrdefaults;
    didlmjkkjfegblmkekbhgpefajgikncm;chr
    djbdlklldbflagkkpaljamjfbpefcbpf;chr
    hakdifolhalapjijoafobooafbilfakh;chr
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is finished, Notepad will open with the log file (possibly only after a reboot).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.



Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

11.05.2013, 14:58   #11
Sniperwurst
 

Code:
Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Yannick on 11.05.2013 at 14:47:38,76.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results11.05.2013-1022.log	212 bytes
C:\zoek-results11.05.2013-1047.log	69032 bytes
C:\zoek-results11.05.2013-1223.log	8767 bytes

==== Possible Rootkit Infection ======================

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\GutscheinFinder" deleted
"C:\Program Files (x86)\Free HD Converter" deleted
"C:\Program Files\Common Files\Wondershare" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- GutscheinCodes.de GutscheinFinder - %ProfilePath%\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack
- Better Battlelog BBLog - %ProfilePath%\extensions\jid1-qQSMEVsYTOjgYA@jetpack
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
- FoxTab - %ProfilePath%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
F7E72D3A281F922BACEC1A71A826D4C2	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll -	Shockwave Flash
7D35CB60201CED2F01AE06F1816231E2	- C:\Windows\SysWOW64\npDeployJava1.dll -	Java Deployment Toolkit 7.0.100.18
FEF9ECECFA177AEC0F7564A08394D2C8	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -	RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -	RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -	RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -	RealDownloader Plugin
7C0C6F7B9C0CD4162D33276FDEBC86F7	- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll -	EA Battlefield Heroes Updater
2B737A92C7C327E48C735B3060DB85A8	- C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll -	PDF-XChange Viewer
6846D2CA7E1D5937AEE3F99BB7F5464B	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll -	Shockwave for Director / Shockwave for Director
BF6273472DCAD201B029131D4AC6DDE3	- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll -	Battlefield Play4Free Updater
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Deleting Files \ Folders ======================

"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
didlmjkkjfegblmkekbhgpefajgikncm - C:\Program Files (x86)\GutscheinFinder\gutscheincodes.crx[]
djbdlklldbflagkkpaljamjfbpefcbpf - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[24.03.2013 05:22]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 21:35]

Google Drive - Yannick - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Yannick - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Yannick - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Yannick - Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
GutscheinCodes.de GutscheinFinder - Yannick - Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm
HomeTab - Yannick - Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf
Safe Money - Yannick - Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Yannick - Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
RealDownloader - Yannick - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Virtual Keyboard - Yannick - Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
SmallringFX DarkBlue Theme - Yannick - Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk
Gmail - Yannick - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Yannick - Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Chrome Fix ======================

C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh deleted successfully

==== Reset Google Chrome ======================

C:\users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\didlmjkkjfegblmkekbhgpefajgikncm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf deleted successfully
         
TDSSKiller.exe found nothing!!

11.05.2013, 15:26   #12
smeenk
/// Malwareteam / Visitor
 

  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    C:\Windows\assembly\GAC_32\Desktop.ini;f
    C:\Windows\assembly\GAC_64\Desktop.ini;f
    C:\Program Files (x86)\HomeTab;fs
    uninstall-list;
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is finished, Notepad will open with the log file (possibly only after a reboot).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.



Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

11.05.2013, 16:22   #13
Sniperwurst
 

Zoek.exe
Code:
Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Yannick on 11.05.2013 at 15:44:37,72.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results11.05.2013-1022.log	212 bytes
C:\zoek-results11.05.2013-1047.log	69032 bytes
C:\zoek-results11.05.2013-1223.log	8767 bytes
C:\zoek-results11.05.2013-1449.log	6435 bytes

==== Possible Rootkit Infection ======================

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

==== Deleting Files \ Folders ======================

"C:\Windows\assembly\GAC_32\Desktop.ini" not deleted
"C:\Windows\assembly\GAC_64\Desktop.ini" not deleted
"C:\Program Files (x86)\HomeTab" deleted

==== Uninstall List x64 ======================

Ableton Live 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DF0C0EB1-6940-4B18-A3AB-014F28A5028C}]
Adobe Flash Player 11 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 11 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Shockwave Player 11.6 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
AMD Accelerated Video Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{504184A2-1B0E-5D93-603A-517E93E7EDB3}]
AMD APP SDK Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}]
AMD Catalyst Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}]
AMD Drag and Drop Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0407893F-352C-B182-E04A-A8C3333DA29B}]
AMD Fuel [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{042B10AA-8233-A9E0-4DEB-B7253C686DBB}]
AMD Media Foundation Decoders [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}]
AMD VISION Engine Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86095E92-1959-8364-920E-82E81F64F8FB}]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
Arctic Combat [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 212370]
ASIO4ALL  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ASIO4ALL]
Assassin's Creed II [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 33230]
Automap 4.7 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Automap Universal_is1]
Avira Free Antivirus [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira AntiVir Desktop]
Battlefield 1942T [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}]
Battlefield 3T [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{76285C16-411A-488A-BCE3-C83CB933D8CF}]
Battlefield Heroes [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}]
BioShock  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 7670]
BioShock 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 8850]
Bonjour  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07287123-B8AC-41CE-8346-3D777245C35B}]
BRAdmin Professional 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{75C885D4-C758-4896-A3B4-90DA34B44C31}]
Browser Updater 1.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Browser Updater_is1]
BrowserProtect  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
Bundled software uninstaller [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller]
Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}]
Catalyst Control Center Graphics Previews Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{210DFA65-F805-1A2B-4F83-8E27279AE385}]
Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{47416F0B-6589-591E-C6F8-4235D2230B14}]
Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B55FB422-B803-11F5-5582-B3666EA1B9AC}]
ccc-utility64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57580625-C673-7FEA-8791-E84B7AAF5069}]
CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ACEF4078-9B86-2455-E18D-34D52D37D9D5}]
CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}]
CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{959E4378-CCA1-E4E4-2425-793DA92E8D95}]
CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{974F4B73-2017-E174-9070-3F58F01B341F}]
CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}]
CCC Help English [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}]
CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1342411-5A98-DE8A-5629-D0C518E1C280}]
CCC Help French [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89D05F35-933A-89C0-B935-C92BEE4229BD}]
CCC Help German [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}]
CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29822CAD-C76A-0BEE-55F5-AAA524DA814F}]
CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98E20A18-3C29-86FA-50B4-918C2B34A082}]
CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}]
CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAACC0A5-4382-04D0-C75E-0669C7B949B6}]
CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D34A6029-FB1A-9EA8-A938-5393F82A3A00}]
CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}]
CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}]
CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F172E34-4107-8964-6AEA-5051FFD265FF}]
CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B8010864-15F8-613B-20EF-AC35B14B3E0D}]
CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}]
CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F2C35491-9323-3AE7-6023-6B4128045153}]
CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D08B4177-5160-6B66-8934-2F9012134D61}]
CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}]
CCleaner  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
CDBurnerXP  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1]
Cheat Engine 6.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Cheat Engine 6.2_is1]
ClassicPro¸ v2.01 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ClassicPro]
Colin McRae Rally 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D26D1A53-D8A2-4004-BC98-0642B4EEAAB2}]
D3DX10  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
Deckadance 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Deckadance 2]
Defraggler  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Defraggler]
Delta toolbar   [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\delta]
Desktop Icon fr Amazon [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon]
ESN Sonar [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ESN Sonar-0.70.4]
F.E.A.R. 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 21100]
FilesFrog Update Checker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker]
FileZilla Client 3.6.0.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Client]
Firebird SQL Server - MAGIX Edition [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C5F8503-55D2-4398-858C-362B7A7AF51C}]
FireJump  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1]
FL Studio 11 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FL Studio 11]
FlowStone FL 3.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FlowStone]
Fotogalerie  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}]
Fraps (remove only) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fraps]
Free System Utilities [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f8cd9221-848c-45fb-a509-fa75dea3a22f}]
Free SystemUtilities [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE9EBE85-F0BA-476B-8BC9-B9705918C823}]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Grand Theft Auto IV [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8301}]
Grand Theft Auto IV [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 12210]
GTA IV Vehicle Mod Installer v1.3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GTA IV Vehicle Mod Installer v1.3_is1]
GutscheinFinder  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GutscheinFinder]
HomeTab 2.7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1]
IEEE 802.11g Wireless USB Adapter [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19867A28-6B4D-4C72-9106-82B0DFE33234}]
IL Download Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IL Download Manager]
IL Shared Libraries [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IL Shared Libraries]
Internet Explorer Toolbar 4.6 by SweetPacks [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}]
IrfanView (remove only) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IrfanView]
iScreensaver Designer 4.4.4.380 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iScreensaverDesigner4_is1]
Java 7 Update 11 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86417011FF}]
Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}]
Left 4 Dead 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 550]
LogMeIn Hamachi [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{106B4413-ACBB-4CDE-8707-587DB9BD77EC}]
LogMeIn Hamachi [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LogMeIn Hamachi]
MAGIX Speed burnR (MSI) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F30AE017-6791-43F1-8591-D31EDDDDFF1A}]
MAGIX Speed burnR (MSI) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MAGIX_{F30AE017-6791-43F1-8591-D31EDDDDFF1A}]
MAGIX Video deluxe 2013 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}]
MAGIX Video deluxe 2013 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MAGIX_{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}]
MAGIX Video deluxe 2013 Premium [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{47E960B1-A285-4D31-87BA-4D2936FC8FF1}]
MAGIX Video deluxe 2013 Premium [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MAGIX_{47E960B1-A285-4D31-87BA-4D2936FC8FF1}]
Malwarebytes Anti-Malware Version 1.75.0.1300 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]
McAfee Security Scan Plus [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
Media Go [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7A6C3344-5CF9-4B83-959C-6576C5B27D09}]
Media Go Video Playback Engine 1.96.115.08260 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{065DBB54-6E55-A609-2E1E-F0617E827D53}]
MediaCoder x64 0.8.18.5348 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaCoder x64]
Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
Microsoft Games for Windows - LIVE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}]
Microsoft Games for Windows - LIVE Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}]
Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A49F249F-0C91-497F-86DF-B2585E8E76B7}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}]
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Minecraft Texturepack Editor [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Minecraft Texturepack Editor]
MorphVOX Junior [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}]
MozBackup 1.5.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozBackup]
Mozilla Firefox 20.0.1 (x86 de) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 20.0.1 (x86 de)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
MSI Afterburner 2.3.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Afterburner]
MSVCRT  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT Redists [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7E708ADE-6575-11E2-8713-F04DA23A5C58}]
MSVCRT_amd64  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
MSVCRT110  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}]
MSVCRT110_amd64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}]
MSXML 4.0 SP3 Parser [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{196467F1-C11F-4F76-858B-5812ADC83B94}]
Need For SpeedT World [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}]
NetSpeedMonitor 2.5.4.0 x64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}]
Novation USB Audio Driver 2.3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Novation USB Audio Driver_is1]
ObjectDock Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C13F8C1-570B-42A9-87B4-8C7903ECD602}]
ObjectDock Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ObjectDock Free]
ObjectDock Plus 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ObjectDock Plus 2]
Odyssey Client [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99D42EC7-652B-4819-B3E6-6450C815E03F}]
Origin  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Origin]
Pack 500 track [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pack 500 track]
PartitionMagic  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}]
PDF-Viewer  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1]
PDF24 Creator 5.2.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1]
Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30F99474-EBE3-4134-A02B-F6CD38CFE243}]
PlayStation(R)Network Downloader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}]
PlayStation(R)Store  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}]
PowerQuest PartitionMagic 8.0 Demo [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}]
Preispilot fr Firefox [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1]
Protected Search 1.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1]
QuickTime  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}]
RaceRoom Racing Experience  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 211500]
RealDownloader  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}]
RealNetworks - Microsoft Visual C++ 2008 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}]
RealNetworks - Microsoft Visual C++ 2010 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}]
RealPlayer  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 16.0]
RealUpgrade 1.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}]
SkypeT 6.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}]
Speccy  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Speccy]
Spybot - Search & Destroy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1]
Stardock Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CF91A5A9-F10D-433D-A677-9505B84EAF1B}]
Steam  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{048298C9-A4D3-490B-9FF9-AB023A9238F3}]
swMSM  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 3 Client]
TeamViewer 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer 8]
TmNationsForever  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TmNationsForever_is1]
TrackMania 2 - Canyon [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DF1B3E4-3EF6-4BFD-8C60-ABBCD423B5A6}_is1]
TrackMania Nations ESWC 0.1.7.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TmNations_is1]
TubeBox  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD5AA756-2E57-4AE2-BAB2-3A54DA1C50F4}]
TubeBox  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{bfc92a01-1ae1-4375-befa-7e090bff5f6a}]
Ubisoft Game Launcher [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{888F1505-C2B3-4FDE-835D-36353EBD4754}]
Update Manager for SweetPacks 1.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}]
Vegas Pro 12.0 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7A0D09B0-6575-11E2-89D5-F04DA23A5C58}]
VideoDesktop 3.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoDesktop_is1]
VirtualDJ Home FREE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E1375CB-6792-4464-8715-CC3EC83D48FA}]
VirtualDJ PRO Full [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{82BEEB3F-D0BF-42EE-8739-F4827C4805B7}]
VLC media player 2.0.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player]
Wallpaperio Zune HD Maker 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wallpaperio Zune HD Maker]
Winamp  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp]
Winamp Erkennungs-Plug-in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Detect]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE52672C-A0E9-4450-8875-88A221D5CD50}]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15F3A6F5-06AE-4332-AE3E-21CD0416827A}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{70854FE6-3BF1-4C69-94D0-BEB821102E34}]
Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2C146B1-948D-47EF-8387-5D1C6B980F7C}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}]
WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]

After Reboot

==== Deleting Files / Folders ======================

"C:\Windows\assembly\GAC_32\Desktop.ini"  not deleted
"C:\Windows\assembly\GAC_64\Desktop.ini"  not deleted
         
mbar.exe (1)
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Yannick :: YANNICK-PC [administrator]

11.05.2013 16:09:31
mbar-log-2013-05-11 (16-09-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31105
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.

(end)
         
mbar.exe (2)
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Yannick :: YANNICK-PC [administrator]

11.05.2013 16:19:32
mbar-log-2013-05-11 (16-19-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31070
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 11.05.2013, 17:14   #14
smeenk
/// Malwareteam / Visitor
 



That went great.

You can uninstall these programs:
BrowserProtect
Bundled software uninstaller
Delta toolbar
FilesFrog Update Checker
GutscheinFinder
HomeTab 2.7
Internet Explorer Toolbar 4.6 by SweetPacks
Protected Search 1.1
Update Manager for SweetPacks 1.1

How do I uninstall programs in Windows 7?
If uninstalling is not possible, simply continue with the next one.

Open ZOEK again and copy the code below into the text field:

Code:
ATTFilter
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}];r64
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1];r64
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}];r64
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GutscheinFinder];r64
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1];r64
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker];r64
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller];r64
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}];r64
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\delta];r64
         
Press "Run Script".

Post the log file for me.



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Alt 11.05.2013, 17:39   #15
Sniperwurst
 



Zoek.exe
Code:
Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Yannick on 11.05.2013 at 17:25:39,42.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results11.05.2013-1022.log	212 bytes
C:\zoek-results11.05.2013-1047.log	69032 bytes
C:\zoek-results11.05.2013-1223.log	8767 bytes
C:\zoek-results11.05.2013-1449.log	6435 bytes
C:\zoek-results11.05.2013-1559.log	29730 bytes

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}] 
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1] 
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}] 
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GutscheinFinder] 
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1] 
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker] 
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] 
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] 
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\delta]
         
adwcleaner.exe
AdwCleaner log file:
Code:
# AdwCleaner v2.300 - Datei am 11/05/2013 um 17:32:02 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Yannick - YANNICK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Yannick\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Yannick\AppData\LocalLow\simplytech
Ordner Gelöscht : C:\Users\Yannick\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Yannick\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Default Tab
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ProtectedSearch
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\a5388d9b035bf43
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.Band
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.Band.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SimplyGen
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a5388d9b035bf43
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\prefs.js

C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [20055 octets] - [11/05/2013 17:32:02]

########## EOF - C:\AdwCleaner[S1].txt - [20116 octets] ##########
         
--- --- ---
