Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Delta Search, Click Compare uvm.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.05.2013, 23:46   #1
Raxtasy
 
Delta Search, Click Compare uvm. - Icon16

Delta Search, Click Compare uvm.



Moin! ... oder: N'abend!

Es scheint als hätte ich ein kleines Problem mit Malware... Ich habe vor einiger Zeit den "Click Compare"-Virus auf meinem Rechner entdeckt, mir daraufhin ein paar Programme runtergelanden, darunter auch CCleaner, und mir damit den "Delta Search"-Virus ebenfalls bewerkstelligt. Allerdings sind diese 2 Kameraden nicht nur anhänglich, sondern gehen einem auch ziemlich auf die Nüsse... Ich vermute unter Umständen weitere Viren, da mein PC sich nach dem hochfahren stark verlangsamt.

Ich verwende Windows 8, benutze Avast als Virenscanner und meine Browser sind Mozilla Firefox, Internet Explorer und Lunascape, wobei ich hauptsächlich Firefox benutze.

Ich habe bereits 2 mal versucht GMER auszuführen, allerdings ist mein PC dadurch abgeschmiert und ich habe mich dann entschieden, diesen Schritt zu überspringen und hoffe, dass es die weitere zusammenarbeit nicht großartig belastet.

Falls noch Fragen offen sind, nehme ich an, dass sie mir diese sowieso stellen.
Weiter im Text: Ich hoffe sie können mir helfen.

MfG Raxes

edit:
die OTL.txt ist irgendwie zu groß. Ich hoffe das Hochladen über Speedyshare ist gestattet:
hxxp://www.speedyshare.com/QDCcZ/OTL.Txt
Angehängte Dateien
Dateityp: log defogger_disable.log (472 Bytes, 125x aufgerufen)
Dateityp: txt Extras.Txt (68,5 KB, 149x aufgerufen)

Geändert von Raxtasy (29.05.2013 um 23:53 Uhr)

Alt 30.05.2013, 06:27   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Delta Search, Click Compare uvm. - Standard

Delta Search, Click Compare uvm.



Hi,

Logfiles bitte einfach in CodeTags posten. den # Button oben in der Antwortbox drücken, es entstehen Code_boxen, dazwischen dann das Logfile
__________________

__________________

Alt 30.05.2013, 13:20   #3
Raxtasy
 
Delta Search, Click Compare uvm. - Standard

Delta Search, Click Compare uvm.



Okay!

defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:17 on 30/05/2013 (Mirco)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL.txt
Code:
ATTFilter
OTL logfile created on: 30.05.2013 00:18:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mirco\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,28 Gb Available Physical Memory | 66,99% Memory free
9,07 Gb Paging File | 6,34 Gb Available in Paging File | 69,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 138,03 Gb Free Space | 74,09% Space Free | Partition Type: NTFS
Drive D: | 258,15 Gb Total Space | 254,86 Gb Free Space | 98,73% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 220,67 Gb Free Space | 94,76% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 232,76 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive H: | 4,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 1,83 Gb Total Space | 0,09 Gb Free Space | 5,06% Space Free | Partition Type: FAT
 
Computer Name: SACRIFICE-PC | User Name: Mirco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.30 00:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirco\Downloads\OTL.exe
PRC - [2013.05.30 00:16:07 | 000,050,477 | ---- | M] () -- C:\Users\Mirco\Downloads\Defogger.exe
PRC - [2013.05.21 16:31:14 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013.05.21 16:31:14 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013.05.21 16:28:26 | 002,839,592 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2013.05.17 16:15:52 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.14 20:10:54 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013.05.05 19:59:06 | 001,716,224 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2013.05.01 06:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Mirco\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.05.01 06:11:08 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.20 11:57:20 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012.09.29 20:18:26 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.09.18 14:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012.09.17 11:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.09.14 15:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.09.11 18:06:52 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.09.11 16:01:34 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012.09.11 16:01:30 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012.09.11 13:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2012.08.31 21:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012.08.22 11:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012.07.26 05:20:55 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2012.07.17 18:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.17 11:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.05.28 12:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012.05.23 02:48:42 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012.03.28 20:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.30 00:16:07 | 000,050,477 | ---- | M] () -- C:\Users\Mirco\Downloads\Defogger.exe
MOD - [2013.05.29 20:53:44 | 000,013,600 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013.05.17 16:15:52 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.05.14 20:10:54 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013.05.06 01:15:12 | 001,392,640 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\DSpellCheck.dll
MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.09.11 16:01:28 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011.09.21 22:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2011.07.18 23:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.27 14:57:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.11.27 14:56:57 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.11.27 14:56:57 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.11.27 14:56:51 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.05.29 23:47:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Mirco\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2013.05.21 16:28:26 | 002,839,592 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013.05.17 16:15:52 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 20:10:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.27 14:56:51 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.11.21 10:58:42 | 000,277,048 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.29 21:01:56 | 000,220,288 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.09.29 20:18:26 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012.09.17 11:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.09.11 13:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.17 11:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.05.23 10:48:42 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 14:56:51 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.11.27 14:56:51 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.11.27 14:56:51 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.11.27 14:56:51 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.21 10:58:32 | 005,337,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.11.20 11:57:28 | 000,062,848 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.19 01:57:58 | 003,728,384 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012.11.15 06:11:54 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.09.29 20:43:20 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.09.18 14:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012.09.14 07:15:10 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012.07.30 18:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.02 09:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.13 12:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012.06.02 16:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012.06.02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012.06.02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012.05.31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2011.09.07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119828&tt=gc_&babsrc=HP_ss&mntrId=54CF1ED05A59D08E
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119828&tt=gc_&babsrc=HP_ss&mntrId=54CF1ED05A59D08E
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119828&tt=gc_&babsrc=SP_ss&mntrId=54CF1ED05A59D08E
IE - HKCU\..\SearchScopes\{39926D04-A875-4025-963B-D295052EB03B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{5A7867E8-DD08-4FC0-8D4A-35DAF276319D}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7D5CFBF4-2427-4C45-A91D-084209EFE337}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9FD9D813-677A-4916-A9BF-51D77F153479}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C24F1A0F-A9B8-4614-87AB-998A87A5C20B}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C4CC7847-AD27-4BE6-A139-E2125126F334}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119828&tt=gc_&babsrc=HP_ss&mntrId=54CF1ED05A59D08E"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.7
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.21.4.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.20 02:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\fpin2e4y.default\extensions\webbooster@iminent.com [2013.05.29 23:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\fpin2e4y.default\extensions\firejump@firejump.net [2013.05.29 23:47:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.05.29 23:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\Extensions
[2013.05.29 23:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\fpin2e4y.default\extensions
[2013.05.29 23:47:53 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\fpin2e4y.default\extensions\ffxtlbr@delta.com
[2013.05.29 23:47:26 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\fpin2e4y.default\extensions\firejump@firejump.net
[2013.05.05 23:43:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\fpin2e4y.default\extensions\plugin@yontoo.com
[2013.05.29 23:48:30 | 000,000,000 | ---D | M] (Iminent Minibar) -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\fpin2e4y.default\extensions\webbooster@iminent.com
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\extensions\ftdownloader3@ftdownloader.com.xpi
[2013.05.29 23:47:40 | 000,006,503 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\babylon.xml
[2013.05.29 23:47:53 | 000,001,294 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\delta.xml
[2013.05.29 23:47:14 | 000,001,094 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{3BD54F02-606D-4155-9B38-093333621A6A}.xml
[2013.05.29 23:47:14 | 000,001,870 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{51DE4F0E-6EB8-4AEA-92B4-A68AB766FFF9}.xml
[2013.05.29 23:47:14 | 000,002,522 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{944D4CC1-2F57-4894-BA6E-56484F01E1CD}.xml
[2013.05.29 23:47:14 | 000,002,077 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{B2AC876C-B2D3-45DA-B477-0F24B50FC799}.xml
[2013.05.29 23:47:14 | 000,002,188 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{CE6CACB2-92E3-472B-AB03-CC6477138A64}.xml
[2013.05.29 23:47:14 | 000,024,039 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{E56618C7-0769-4EF9-A4FF-658A123682C8}.xml
[2013.05.29 23:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.17 16:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.17 16:15:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.20 02:34:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Mirco\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Mirco\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{695500E9-5790-4AA1-8392-350E0C56C8C6}: DhcpNameServer = 192.168.178.1 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.29 23:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.29 23:48:48 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Iminent
[2013.05.29 23:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.05.29 23:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.05.29 23:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2013.05.29 23:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.05.29 23:48:02 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.29 23:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.29 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\BabSolution
[2013.05.29 23:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.05.29 23:47:26 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2013.05.29 23:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FoxyDeal
[2013.05.29 23:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxyDeal
[2013.05.29 23:47:14 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Opera
[2013.05.29 23:47:11 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\DesktopIconForAmazon
[2013.05.29 23:47:08 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\OCS
[2013.05.29 23:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013.05.29 23:35:34 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Malwarebytes
[2013.05.29 23:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.29 23:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.29 23:35:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.29 23:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.29 17:51:43 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.05.29 17:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.05.29 17:51:42 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Notepad++
[2013.05.29 17:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.05.29 16:12:38 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Lunascape
[2013.05.29 16:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6
[2013.05.29 16:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lunascape
[2013.05.26 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\TechSmith
[2013.05.26 18:02:54 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\TechSmith
[2013.05.26 18:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2013.05.26 18:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.26 18:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2013.05.26 18:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2013.05.25 16:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2013.05.25 16:18:54 | 000,000,000 | ---D | C] -- C:\Users\Mirco\Documents\Camtasia Studio
[2013.05.25 16:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Camtasia Studio 7
[2013.05.17 16:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.13 02:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YGOPro
[2013.05.13 02:17:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files
[2013.05.13 02:10:02 | 000,000,000 | ---D | C] -- C:\Users\Mirco\Documents\GTA San Andreas User Files
[2013.05.09 00:33:39 | 000,000,000 | R--D | C] -- C:\Users\Mirco\SkyDrive
[2013.05.06 00:22:37 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\LibreOffice
[2013.05.05 23:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Enterbrain
[2013.05.05 23:43:06 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Yontoo
[2013.05.05 23:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.05.05 23:43:04 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Babylon
[2013.05.05 23:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.05.05 23:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.05.05 23:42:26 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\PutLockerDownloader
[2013.05.05 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
[2013.05.05 23:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.05.05 23:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0
[2013.05.05 01:35:57 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\vlc
[2013.05.05 01:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.05 01:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.05.04 17:46:33 | 000,000,000 | ---D | C] -- C:\Users\Mirco\Documents\Pinnacle VideoSpin
[2013.05.04 17:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2013.05.04 17:43:19 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\Downloaded Installations
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.30 00:17:38 | 000,000,000 | ---- | M] () -- C:\Users\Mirco\defogger_reenable
[2013.05.30 00:11:28 | 004,320,054 | ---- | M] () -- C:\Users\Mirco\Desktop\Neue Bitmap.bmp
[2013.05.30 00:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 23:49:20 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.29 23:48:43 | 000,000,635 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.05.29 23:45:56 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013.05.29 23:35:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.29 19:03:20 | 000,032,847 | ---- | M] () -- C:\Users\Mirco\AppData\Local\recently-used.xbel
[2013.05.29 16:11:48 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\Lunascape6.lnk
[2013.05.29 15:30:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.29 14:16:11 | 000,000,401 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\sp_data.sys
[2013.05.29 14:13:41 | 000,338,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.29 14:13:33 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.29 14:13:23 | 2474,229,759 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 21:39:53 | 000,004,608 | ---- | M] () -- C:\Users\Mirco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.26 18:02:27 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2013.05.25 16:09:45 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.25 16:09:45 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.25 16:09:45 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.25 16:09:45 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.25 16:09:45 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.11 12:46:28 | 000,000,017 | ---- | M] () -- C:\Users\Mirco\AppData\Local\resmon.resmoncfg
[2013.05.09 00:53:19 | 000,000,367 | ---- | M] () -- C:\Users\Mirco\Heimnetzgruppe - Verknüpfung.lnk
[2013.05.06 04:19:57 | 000,001,548 | ---- | M] () -- C:\Users\Mirco\Desktop\Herunterfahren.lnk
[2013.05.06 00:51:48 | 000,664,367 | ---- | M] () -- C:\Users\Mirco\Documents\Bewerbung.odt
[2013.05.05 23:21:13 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk
[2013.05.05 01:35:50 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.30 00:17:38 | 000,000,000 | ---- | C] () -- C:\Users\Mirco\defogger_reenable
[2013.05.30 00:10:55 | 004,320,054 | ---- | C] () -- C:\Users\Mirco\Desktop\Neue Bitmap.bmp
[2013.05.29 23:49:20 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.29 23:48:34 | 000,000,635 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.05.29 23:47:27 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.05.29 23:45:56 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013.05.29 23:35:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.29 19:03:20 | 000,032,847 | ---- | C] () -- C:\Users\Mirco\AppData\Local\recently-used.xbel
[2013.05.29 16:11:48 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\Lunascape6.lnk
[2013.05.29 14:13:29 | 000,338,816 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.26 18:02:27 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2013.05.26 12:58:00 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.05.11 12:46:28 | 000,000,017 | ---- | C] () -- C:\Users\Mirco\AppData\Local\resmon.resmoncfg
[2013.05.09 00:53:19 | 000,000,367 | ---- | C] () -- C:\Users\Mirco\Heimnetzgruppe - Verknüpfung.lnk
[2013.05.09 00:33:01 | 000,000,303 | ---- | C] () -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk
[2013.05.06 04:19:10 | 000,001,548 | ---- | C] () -- C:\Users\Mirco\Desktop\Herunterfahren.lnk
[2013.05.05 23:21:13 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk
[2013.05.05 01:35:50 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.04 17:47:18 | 000,004,608 | ---- | C] () -- C:\Users\Mirco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.20 19:36:04 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2013.04.20 19:35:45 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2013.04.20 19:35:45 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2013.04.19 22:46:50 | 000,000,401 | ---- | C] () -- C:\Users\Mirco\AppData\Roaming\sp_data.sys
[2013.01.10 13:10:45 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013.01.10 13:10:33 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.01.10 13:10:31 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.11.27 14:56:57 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.11.27 06:08:26 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012.11.27 06:08:26 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012.11.27 06:08:26 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.25 22:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 30.05.2013 00:18:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mirco\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,28 Gb Available Physical Memory | 66,99% Memory free
9,07 Gb Paging File | 6,34 Gb Available in Paging File | 69,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 138,03 Gb Free Space | 74,09% Space Free | Partition Type: NTFS
Drive D: | 258,15 Gb Total Space | 254,86 Gb Free Space | 98,73% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 220,67 Gb Free Space | 94,76% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 232,76 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive H: | 4,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 1,83 Gb Total Space | 0,09 Gb Free Space | 5,06% Space Free | Partition Type: FAT
 
Computer Name: SACRIFICE-PC | User Name: Mirco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D8B1E0-3389-40C2-834E-FD5261857E64}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{209D8451-CC03-4F3C-BC3F-F1E4FD2E9A2F}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{2D7A0DF3-62B2-4FEB-96B8-EF335A23FEAD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{34CBE68A-1C47-4342-A01A-6AB6C5D75FF1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{36A1881C-D672-4FAE-B417-82511114C399}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{63CE0B28-491C-4C07-B286-318220520B6C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6938ECCD-AB10-49F5-B17B-9A77DD8F73FC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{935B11C3-EC73-4E18-A0F0-BBFFD66D4FA2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9D0AB68B-CB38-4637-AEB2-75F657E10333}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | 
"{9F3908B9-AF84-4AE4-AE0F-A3CA352764A1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A854D188-97CD-4876-B3A7-B2D1433DA39F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A862E997-BD7B-4197-B946-5F8474E283AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B1BA499D-34D7-4542-BC63-2EA7AB4F38B7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BBDF4390-3F9D-4D63-80C5-393699DCB073}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2F16D9D-49BB-4F7B-AEE6-2EE83811D7A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D148C07B-96B1-4D8A-97EC-07B659F3C15D}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D96FE5A9-D1E2-466F-B098-7B4796BC63A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DBDEEBF3-36CE-4F1E-BBDD-0C97A2971BBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB53D8FD-BC42-4440-8096-78326B08A5D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F41E0E34-6248-4C10-B342-7D4C34430CC5}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15C15828-AF64-4B07-9E68-5396A32637F6}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{167CECD2-26E2-45E9-8977-9D5AB6DD33C5}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{1CF24A99-2290-4C00-833F-1AE35B9CFB26}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{1F3E35BA-A089-4D7B-8C5E-6B516EDB422A}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{21A08518-0E49-473A-BFA4-840923B099EE}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{21F40D72-0C63-4A85-A97F-BD47F49DA520}" = dir=out | name=microsoft solitaire collection | 
"{23B80B67-E017-463D-960C-0D52B533B400}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{26D61988-AF75-4500-8FF1-3246F28E91DE}" = dir=in | name=pinball fx2 | 
"{2E0D0653-1439-4C23-8BC2-F2E522F27CC5}" = dir=out | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{2E369E9C-D618-4B18-9340-A498D39D491A}" = dir=out | name=tic tac toe-spiel | 
"{2F23E26F-F1B7-43D0-9F13-371AF0F9A354}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{334C442F-C9FD-471F-8DC9-B4E89B6F8F55}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{35C870CC-1F2F-416E-931E-3E92691871A6}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{466CE088-C481-4860-AA68-17B4255E8270}" = dir=out | name=fresh paint | 
"{46F69229-2F3A-4968-9B86-10CE9D750F56}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4E5DB9CC-470A-4726-BB2A-1BABFB33A3A5}" = dir=out | name=windows_ie_ac_001 | 
"{6A6BF254-E456-4200-8D0B-D86FD379B6E2}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{7304C559-285B-4852-B8FB-2FCF2DC923E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{77FA44A0-0288-479D-A668-7DB1122CB865}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{838AE872-4DFB-4024-8033-E4CF032DF15A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8899327C-8B26-4CDD-9FC0-9F459C038C07}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{8AB46F7C-B43F-402A-8E2E-6CDECF9FA61F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{989E3F45-B1A6-417A-94C8-1CCC32C8B238}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{9B1560E9-FB0A-444C-94C6-1A5C2C659260}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{A18C95FA-1560-4368-9D51-C6940FEA0E33}" = dir=in | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{A75FC5B2-8870-491D-A71C-DDB817197DDC}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{AC77F2E3-B062-4B1C-B0B0-82DCB688A100}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{AE85583E-50E0-42DA-AA29-43BB82C1F337}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{AF55DC36-CAD6-487D-9A8F-9198A1B1C630}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BCF59547-FE14-4D96-B5F9-DF825F56A0C1}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{BDF52252-2351-46C5-8C2C-606995FDF432}" = dir=out | name=taptiles | 
"{C0EB73AD-E2BB-4BA9-BB7F-776208D4C79A}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{C1ECFA54-29F1-4A8D-8BBC-31BA2559561E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C5CF0313-2BA2-4323-A279-567E8C1DA4A5}" = dir=out | name=@{microsoft.bingmaps_1.6.1528.2509_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{C775334D-8924-4282-844D-882E69F4A4A6}" = dir=out | name=@{microsoft.bingfinance_2.0.0.275_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{D4BD5BAB-1FE7-40C2-A9A2-5FA6900662F2}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{D6D1C85B-8F87-4BA6-8862-201BEFF60C5C}" = dir=out | name=adera | 
"{D7ECE886-A589-4B56-A2B5-0C5128D9AAAF}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{D8B9C942-C551-40A9-B9F3-D8050A7A1510}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{DB00F028-32F8-4209-BA7D-16AB11E64B76}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{E5D5B21D-FA74-4AD1-B260-D6A258C3BE37}" = dir=out | name=browserquest | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E9C9A8C1-D821-4B1B-8BE4-15033BED2ED9}" = dir=out | name=pinball fx2 | 
"{EA7AD074-FAA6-46CB-A414-27777E065882}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{F59DC579-8E5F-4897-BE0A-0DEFBB5FC012}" = dir=out | name=@{61908richardwalters.calculator_2.9.0.1_neutral__486nvj664v5b0?ms-resource://61908richardwalters.calculator/resources/apptitle} | 
"{F73673DC-059B-41E3-8D72-6A424B89D5BA}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{F8B98943-1B7C-4152-B785-CE5F7D3B2A26}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"TCP Query User{261197AC-C269-490E-8EC4-705E905E113E}E:\ygopro\devpro.dll" = protocol=6 | dir=in | app=e:\ygopro\devpro.dll | 
"TCP Query User{7E75A4F0-37D1-47FF-BA81-289FB7618CDA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{E74BF3CC-98EE-4317-A06A-E28608D629C0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{51469E54-9CE3-4185-9C3B-B225CDD79ED6}E:\ygopro\devpro.dll" = protocol=17 | dir=in | app=e:\ygopro\devpro.dll | 
"UDP Query User{6E273842-BB2D-4830-B897-E67A1E51BB8A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{D66A9CB5-450A-40B8-A230-D1658143E39A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.053
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"5AB9160B769DD2E134ADCB8010377DECA2479378" = Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DesktopIconAmazon" = Desktop Icon für Amazon
"GIMP-2_is1" = GIMP 2.8.4
"SearchAnonymizer" = SearchAnonymizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}" = LibreOffice 4.0.2.2
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}" = Rayman 3
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1" = YGOPro DevPro Version 1.8.4
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8F6F7194-0734-4CDA-8C04-6B766F2241A6}" = Camtasia Studio 8
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DC06C90B-C5BE-42F6-B74D-A9503170998C}" = ASUS Product Demo Movie 
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"avast" = avast! Free Antivirus
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"FoxyDeal_is1" = FoxyDeal version 1.0.0
"IMBoosterARP" = Iminent
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Lunascape6" = Lunascape6 (All Users)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyBitCast" = MyBitCast 2.0
"Notepad++" = Notepad++
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre 7" = PhotoFiltre 7
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.05.2013 10:17:38 | Computer Name = Sacrifice-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CamRecorder.exe, Version: 7.0.0.1501,
 Zeitstempel: 0x4bbcc4f6  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505aaa82  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00061206  ID des fehlerhaften
 Prozesses: 0x1228  Startzeit der fehlerhaften Anwendung: 0x01ce59519ae33c8b  Pfad der
 fehlerhaften Anwendung: G:\Sinnloser Müll\Gesamter Laptop Progs\TechSmith\Camtasia
 Studio 7\CamRecorder.exe  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
 d9f281f0-c545-11e2-be95-60a44c7c7514  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 25.05.2013 10:18:43 | Computer Name = Sacrifice-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CamRecorder.exe, Version: 7.0.0.1501,
 Zeitstempel: 0x4bbcc4f6  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505aaa82  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005033b  ID des fehlerhaften
 Prozesses: 0x1704  Startzeit der fehlerhaften Anwendung: 0x01ce5952c0afc84d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Camtasia Studio 7\CamRecorder.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 008cc24b-c546-11e2-be95-60a44c7c7514
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 25.05.2013 17:55:10 | Computer Name = Sacrifice-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: devpro.dll, Version: 0.0.0.0, Zeitstempel:
 0x519a5cf3  Name des fehlerhaften Moduls: devpro.dll, Version: 0.0.0.0, Zeitstempel:
 0x519a5cf3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003dd327  ID des fehlerhaften Prozesses:
 0x152c  Startzeit der fehlerhaften Anwendung: 0x01ce5992853b692b  Pfad der fehlerhaften
 Anwendung: E:\YGOPro\devpro.dll  Pfad des fehlerhaften Moduls: E:\YGOPro\devpro.dll
Berichtskennung:
 c492e8ef-c585-11e2-be96-60a44c7c7514  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 25.05.2013 17:55:13 | Computer Name = Sacrifice-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: devpro.dll, Version: 0.0.0.0, Zeitstempel:
 0x519a5cf3  Name des fehlerhaften Moduls: devpro.dll, Version: 0.0.0.0, Zeitstempel:
 0x519a5cf3  Ausnahmecode: 0xc000041d  Fehleroffset: 0x003dd327  ID des fehlerhaften Prozesses:
 0x152c  Startzeit der fehlerhaften Anwendung: 0x01ce5992853b692b  Pfad der fehlerhaften
 Anwendung: E:\YGOPro\devpro.dll  Pfad des fehlerhaften Moduls: E:\YGOPro\devpro.dll
Berichtskennung:
 c631c70c-c585-11e2-be96-60a44c7c7514  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 26.05.2013 10:12:31 | Computer Name = Sacrifice-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ wurde
 nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 26.05.2013 11:44:48 | Computer Name = Sacrifice-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CamRecorder.exe, Version: 7.0.0.1501,
 Zeitstempel: 0x4bbcc4f6  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505aaa82  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005033b  ID des fehlerhaften
 Prozesses: 0x1af4  Startzeit der fehlerhaften Anwendung: 0x01ce5a27f26b8762  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Camtasia Studio 7\CamRecorder.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 31e8c4c9-c61b-11e2-be97-60a44c7c7514
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 26.05.2013 11:45:38 | Computer Name = Sacrifice-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CamRecorder.exe, Version: 7.0.0.1501,
 Zeitstempel: 0x4bbcc4f6  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505aaa82  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005033b  ID des fehlerhaften
 Prozesses: 0x1088  Startzeit der fehlerhaften Anwendung: 0x01ce5a280c76e745  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Camtasia Studio 7\CamRecorder.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 4fc5a99c-c61b-11e2-be97-60a44c7c7514
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 26.05.2013 18:00:33 | Computer Name = Sacrifice-PC | Source = Microsoft-Windows-WMI | ID = 5601
Description = Die Repositorydateien im Verzeichnis "windir\system32\wbem\repository"
 konnten vom Windows-Verwaltungsinstrumentationsdienst (WMI-Dienst) nicht geladen
 werden. Dies kann auf eine Beschädigung der Repositorydateien, auf Sicherheitseinstellungen
 für dieses Verzeichnis, auf unzureichenden Speicherplatz oder auf andere Probleme
 mit den Systemressourcen (beispielsweise auf unzureichenden Arbeitsspeicher) zurückzuführen
 sein. Wenn dieser Fehler bei jedem Neustart des Computers auftritt, muss der Administrator
 den WMI-Dienst auf diesem Computer möglicherweise beenden, die Sicherheitseinstellung
 für diesen Ordner und die darin enthaltenen Dateien überprüfen und "WMIDiag" ausführen,
 um den Status der Windows-Verwaltungsinstrumentation zu überprüfen.
 
Error - 29.05.2013 13:36:19 | Computer Name = Sacrifice-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CamtasiaStudio.exe, Version: 8.0.4.1060,
 Zeitstempel: 0x50c57c2f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578,
 Zeitstempel: 0x515fac6e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000daa3c  ID des fehlerhaften
 Prozesses: 0x1948  Startzeit der fehlerhaften Anwendung: 0x01ce5c8a0aac721f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 4515eb35-c886-11e2-be9c-60a44c7c7514
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 29.05.2013 18:11:24 | Computer Name = Sacrifice-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
[ System Events ]
Error - 16.05.2013 08:42:21 | Computer Name = Sacrifice-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 16.05.2013 20:10:32 | Computer Name = Sacrifice-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 17.05.2013 08:12:14 | Computer Name = Sacrifice-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 17.05.2013 08:21:13 | Computer Name = Sacrifice-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 18.05.2013 17:21:26 | Computer Name = Sacrifice-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 18.05.2013 17:22:47 | Computer Name = Sacrifice-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 18.05.2013 17:22:47 | Computer Name = Sacrifice-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 18.05.2013 18:21:59 | Computer Name = Sacrifice-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 19.05.2013 07:23:32 | Computer Name = Sacrifice-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 19.05.2013 09:05:31 | Computer Name = Sacrifice-PC | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
 
< End of report >
         
__________________

Alt 30.05.2013, 13:30   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Delta Search, Click Compare uvm. - Standard

Delta Search, Click Compare uvm.



Windows-taste+R < schreibe appwiz.cpl und drücke Enter.

Deinstalliere:
Yontoo 2.053
BrowserProtect
Delta toolbar
Delta Chrome Toolbar



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Neues OTl log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.05.2013, 14:03   #5
Raxtasy
 
Delta Search, Click Compare uvm. - Standard

Delta Search, Click Compare uvm.



Sooooo, done.

ADW:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 30/05/2013 um 14:38:10 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Mirco - SACRIFICE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mirco\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : SearchAnonymizer
Gestoppt & Gelöscht : SProtection

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
Datei Gelöscht : C:\Users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\fpin2e4y.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\fpin2e4y.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\fpin2e4y.default\searchplugins\delta.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Program Files (x86)\FoxyDeal
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FoxyDeal
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Mirco\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Mirco\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Mirco\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Mirco\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Mirco\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\fpin2e4y.default\extensions\firejump@firejump.net
Ordner Gelöscht : C:\Users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\fpin2e4y.default\jetpack
Ordner Gelöscht : C:\Users\Mirco\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Umbrella
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e28d8fe13cba47
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FoxyDeal_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=119828&tt=gc_&babsrc=HP_ss_din2g&mntrId=54CF1ED05A59D08E --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\fpin2e4y.default\prefs.js

C:\Users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\fpin2e4y.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.bbDpng", "30");
Gelöscht : user_pref("extensions.delta.cntry", "DE");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.hdrMd5", "FB2BF0085916ED90D92252E217DFD8A0");
Gelöscht : user_pref("extensions.delta.id", "54cfe0f60000000000001ed05a59d08e");
Gelöscht : user_pref("extensions.delta.instlDay", "15854");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.523:47:53");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.sg", "czb");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.523:47:53");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119828&tt=gc_");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[S1].txt - [26520 octets] - [30/05/2013 14:38:10]

########## EOF - C:\AdwCleaner[S1].txt - [26581 octets] ##########
         
[/CODE]
--- --- ---

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by Mirco on 30.05.2013 at 14:44:59,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\MYBABYLONTB.EXE-B2BD98E4.pf



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\invalidprefs.js
Successfully deleted: [File] "C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\extensions\ftdownloader3@ftdownloader.com.xpi" 
Successfully deleted: [Folder] C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\jetpack
Successfully deleted: [Folder] C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\extensions\webbooster@iminent.com
Successfully deleted the following from C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\prefs.js

user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1369866493260");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2013 at 14:48:37,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
neuer OTL:
Code:
ATTFilter
OTL logfile created on: 30.05.2013 14:54:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mirco\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,99% Memory free
15,88 Gb Paging File | 14,39 Gb Available in Paging File | 90,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 130,70 Gb Free Space | 70,16% Space Free | Partition Type: NTFS
Drive D: | 258,15 Gb Total Space | 254,86 Gb Free Space | 98,73% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 220,67 Gb Free Space | 94,76% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 232,76 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive H: | 4,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SACRIFICE-PC | User Name: Mirco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.30 00:16:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirco\Downloads\OTL.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.20 11:57:20 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012.09.29 20:18:26 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.09.18 14:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012.09.17 11:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.09.14 15:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.09.11 18:06:52 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.09.11 16:01:34 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012.09.11 16:01:30 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012.09.11 13:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2012.08.31 21:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012.08.22 11:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012.07.17 18:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.17 11:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.05.28 12:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012.05.23 02:48:42 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012.03.28 20:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.11 16:01:28 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.27 14:57:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.11.27 14:56:57 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.11.27 14:56:57 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.11.27 14:56:51 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.05.17 16:15:52 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 20:10:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.27 14:56:51 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.11.21 10:58:42 | 000,277,048 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.29 21:01:56 | 000,220,288 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.09.29 20:18:26 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012.09.17 11:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.09.11 13:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.17 11:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.05.23 10:48:42 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 14:56:51 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.11.27 14:56:51 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.11.27 14:56:51 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.11.27 14:56:51 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.21 10:58:32 | 005,337,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.11.20 11:57:28 | 000,062,848 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.19 01:57:58 | 003,728,384 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012.11.15 06:11:54 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.09.29 20:43:20 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.09.18 14:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012.09.14 07:15:10 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012.07.30 18:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.02 09:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.13 12:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012.06.02 16:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012.06.02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012.06.02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012.05.31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2011.09.07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{39926D04-A875-4025-963B-D295052EB03B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{5A7867E8-DD08-4FC0-8D4A-35DAF276319D}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7D5CFBF4-2427-4C45-A91D-084209EFE337}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9FD9D813-677A-4916-A9BF-51D77F153479}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C24F1A0F-A9B8-4614-87AB-998A87A5C20B}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C4CC7847-AD27-4BE6-A139-E2125126F334}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=c7e25e44-dda3-4cf0-b843-c99ac8bb4ead&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.20 02:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.05.29 23:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\Extensions
[2013.05.30 14:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\fpin2e4y.default\extensions
[2013.05.29 23:47:14 | 000,001,094 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{3BD54F02-606D-4155-9B38-093333621A6A}.xml
[2013.05.29 23:47:14 | 000,001,870 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{51DE4F0E-6EB8-4AEA-92B4-A68AB766FFF9}.xml
[2013.05.29 23:47:14 | 000,002,522 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{944D4CC1-2F57-4894-BA6E-56484F01E1CD}.xml
[2013.05.29 23:47:14 | 000,002,077 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{B2AC876C-B2D3-45DA-B477-0F24B50FC799}.xml
[2013.05.29 23:47:14 | 000,002,188 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{CE6CACB2-92E3-472B-AB03-CC6477138A64}.xml
[2013.05.29 23:47:14 | 000,024,039 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\fpin2e4y.default\searchplugins\{E56618C7-0769-4EF9-A4FF-658A123682C8}.xml
[2013.05.29 23:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.17 16:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.17 16:15:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Mirco\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{695500E9-5790-4AA1-8392-350E0C56C8C6}: DhcpNameServer = 192.168.178.1 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.30 14:44:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.30 14:44:45 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.30 00:25:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.29 23:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.29 23:47:26 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2013.05.29 23:47:14 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Opera
[2013.05.29 23:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013.05.29 23:35:34 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Malwarebytes
[2013.05.29 23:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.29 23:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.29 23:35:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.29 23:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.29 17:51:43 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.05.29 17:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.05.29 17:51:42 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Notepad++
[2013.05.29 17:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.05.29 16:12:38 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Lunascape
[2013.05.29 16:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6
[2013.05.29 16:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lunascape
[2013.05.26 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\TechSmith
[2013.05.26 18:02:54 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\TechSmith
[2013.05.26 18:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2013.05.26 18:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.26 18:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2013.05.26 18:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2013.05.25 16:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2013.05.25 16:18:54 | 000,000,000 | ---D | C] -- C:\Users\Mirco\Documents\Camtasia Studio
[2013.05.25 16:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Camtasia Studio 7
[2013.05.17 16:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.13 02:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YGOPro
[2013.05.13 02:17:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files
[2013.05.13 02:10:02 | 000,000,000 | ---D | C] -- C:\Users\Mirco\Documents\GTA San Andreas User Files
[2013.05.09 00:33:39 | 000,000,000 | R--D | C] -- C:\Users\Mirco\SkyDrive
[2013.05.06 00:22:37 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\LibreOffice
[2013.05.05 23:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Enterbrain
[2013.05.05 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
[2013.05.05 23:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.05.05 23:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0
[2013.05.05 01:35:57 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\vlc
[2013.05.05 01:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.05 01:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.05.04 17:46:33 | 000,000,000 | ---D | C] -- C:\Users\Mirco\Documents\Pinnacle VideoSpin
[2013.05.04 17:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2013.05.04 17:43:19 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\Downloaded Installations
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.30 14:41:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.30 14:40:37 | 000,000,401 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\sp_data.sys
[2013.05.30 14:39:17 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.30 14:39:14 | 2474,229,759 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.30 00:29:11 | 542,303,856 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.30 00:17:38 | 000,000,000 | ---- | M] () -- C:\Users\Mirco\defogger_reenable
[2013.05.30 00:11:28 | 004,320,054 | ---- | M] () -- C:\Users\Mirco\Desktop\Neue Bitmap.bmp
[2013.05.30 00:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 23:49:20 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.29 23:48:43 | 000,000,635 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.05.29 23:45:56 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013.05.29 23:35:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.29 19:03:20 | 000,032,847 | ---- | M] () -- C:\Users\Mirco\AppData\Local\recently-used.xbel
[2013.05.29 16:11:48 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\Lunascape6.lnk
[2013.05.29 14:13:41 | 000,338,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.26 21:39:53 | 000,004,608 | ---- | M] () -- C:\Users\Mirco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.26 18:02:27 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2013.05.25 16:09:45 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.25 16:09:45 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.25 16:09:45 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.25 16:09:45 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.25 16:09:45 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.11 12:46:28 | 000,000,017 | ---- | M] () -- C:\Users\Mirco\AppData\Local\resmon.resmoncfg
[2013.05.09 00:53:19 | 000,000,367 | ---- | M] () -- C:\Users\Mirco\Heimnetzgruppe - Verknüpfung.lnk
[2013.05.06 04:19:57 | 000,001,548 | ---- | M] () -- C:\Users\Mirco\Desktop\Herunterfahren.lnk
[2013.05.06 00:51:48 | 000,664,367 | ---- | M] () -- C:\Users\Mirco\Documents\Bewerbung.odt
[2013.05.05 23:21:13 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk
[2013.05.05 01:35:50 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.30 00:24:49 | 542,303,856 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.05.30 00:17:38 | 000,000,000 | ---- | C] () -- C:\Users\Mirco\defogger_reenable
[2013.05.30 00:10:55 | 004,320,054 | ---- | C] () -- C:\Users\Mirco\Desktop\Neue Bitmap.bmp
[2013.05.29 23:49:20 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.29 23:48:34 | 000,000,635 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.05.29 23:47:27 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.05.29 23:45:56 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013.05.29 23:35:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.29 19:03:20 | 000,032,847 | ---- | C] () -- C:\Users\Mirco\AppData\Local\recently-used.xbel
[2013.05.29 16:11:48 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\Lunascape6.lnk
[2013.05.29 14:13:29 | 000,338,816 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.26 18:02:27 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2013.05.26 12:58:00 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.05.11 12:46:28 | 000,000,017 | ---- | C] () -- C:\Users\Mirco\AppData\Local\resmon.resmoncfg
[2013.05.09 00:53:19 | 000,000,367 | ---- | C] () -- C:\Users\Mirco\Heimnetzgruppe - Verknüpfung.lnk
[2013.05.09 00:33:01 | 000,000,303 | ---- | C] () -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk
[2013.05.06 04:19:10 | 000,001,548 | ---- | C] () -- C:\Users\Mirco\Desktop\Herunterfahren.lnk
[2013.05.05 23:21:13 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk
[2013.05.05 01:35:50 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.04 17:47:18 | 000,004,608 | ---- | C] () -- C:\Users\Mirco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.20 19:36:04 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2013.04.20 19:35:45 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2013.04.20 19:35:45 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2013.04.19 22:46:50 | 000,000,401 | ---- | C] () -- C:\Users\Mirco\AppData\Roaming\sp_data.sys
[2013.01.10 13:10:45 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013.01.10 13:10:33 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.01.10 13:10:31 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.11.27 14:56:57 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.11.27 06:08:26 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012.11.27 06:08:26 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012.11.27 06:08:26 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.25 22:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         


Alt 30.05.2013, 14:25   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Delta Search, Click Compare uvm. - Standard

Delta Search, Click Compare uvm.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


Noch Probleme mit dem Rechner?
__________________
--> Delta Search, Click Compare uvm.

Alt 30.05.2013, 15:57   #7
Raxtasy
 
Delta Search, Click Compare uvm. - Standard

Delta Search, Click Compare uvm.



Der Scan dauert noch ein wenig. Sieht aber gut aus! Er findet jetzt noch ein bisschen Stuff auf meiner externen, aber ich schätze, dass er das dann runtermacht. Schonmal im Voraus: Danke für deine schnelle und professionelle Hilfe, schrauber! Das Forum hat auf jeden Fall meinen Segen und ich melde mich, wenn ich zukünftig Hilfe benötige =)

Sobald der Scan durch is poste ich nochmal die Logfiles und dann sehen wir mal, ob noch was gemacht werden muss.

EDIT
Eset-log
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b3f2069c332b344aab0e1e6c080c9541
# engine=13953
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-30 03:13:09
# local_time=2013-05-30 05:13:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=774 16777214 85 91 2673466 146640261 0 0
# compatibility_mode=5893 16776574 100 94 2778364 29432900 0 0
# scanned=567618
# found=4
# cleaned=4
# scan_time=5285
sh=36A0C0F2E1A8EA40E293772F13C3AACE4B0812B8 ft=1 fh=3bf8a910dc568291 vn="probably a variant of Win32/Agent.EOYAHVV trojan (cleaned by deleting - quarantined)" ac=C fn="G:\Sinnloser Müll\Neuer Ordner\Festplatte\Alles Mögliche\gta_san_andreas_v1_1_plus_20_trainer\engine.exe"
sh=0E4FAFC29E5858701C5F573D0A96CD89A358C1D6 ft=1 fh=bc4ada37ba01731d vn="probably unknown NewHeur_PE virus (deleted - quarantined)" ac=C fn="G:\Sinnloser Müll\World of Warcraft\launcher.exe"
sh=20DE506DE5F14E04A399ED4F11F65F931AA97B16 ft=1 fh=ed69c0f9c2ab56c6 vn="probably unknown NewHeur_PE virus (cleaned by deleting - quarantined)" ac=C fn="G:\Sinnloser Müll\World of Warcraft\sblauncher.exe"
sh=97DF173B542217A3DA303C8C8A2B76EEDE4279FA ft=1 fh=2478213a602e2f10 vn="probably unknown NewHeur_PE virus (deleted - quarantined)" ac=C fn="G:\Sinnloser Müll\World of Warcraft\updater.exe"
         
Security check
Code:
ATTFilter
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
Naja ^^
Wie bereits erwähnt: Vielen Dank.
Ich melde mich nochmal wenn weitere Probleme auftreten sollten.

Geändert von Raxtasy (30.05.2013 um 16:21 Uhr)

Alt 30.05.2013, 17:05   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Delta Search, Click Compare uvm. - Standard

Delta Search, Click Compare uvm.



Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob/Kritik loswerden möchtest:
http://www.trojaner-board.de/lob-kritik-wuensche/


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.05.2013, 17:56   #9
Raxtasy
 
Delta Search, Click Compare uvm. - Standard

Delta Search, Click Compare uvm.



Dankeschön!

Hab soweit alles erledigt und keine weiteren Fragen mehr!

Alt 30.05.2013, 19:05   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Delta Search, Click Compare uvm. - Standard

Delta Search, Click Compare uvm.



Büdde
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Delta Search, Click Compare uvm.
avast, browser, ccleaner, compare, ebenfalls, entdeck, explorer, firefox, frage, hochfahren, internet, internet explorer, kleines, offen, problem, programme, rechner, scanner, viren, virenscanner, win32/agent.eoyahvv, windows



Ähnliche Themen: Delta Search, Click Compare uvm.


  1. Trojanerbeseitigung click compare MAC
    Log-Analyse und Auswertung - 08.09.2014 (3)
  2. Click Compare Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.07.2014 (3)
  3. Click Compare Trojaner entfernen
    Log-Analyse und Auswertung - 18.02.2014 (12)
  4. Click Compare im Firefox
    Plagegeister aller Art und deren Bekämpfung - 17.02.2014 (2)
  5. Click Compare Virus
    Log-Analyse und Auswertung - 19.08.2013 (8)
  6. click compare aus Chrome entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (11)
  7. Click Compare und Windows 8
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (2)
  8. Click-Compare professionell beseitigt
    Lob, Kritik und Wünsche - 24.05.2013 (0)
  9. click compare - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (12)
  10. Delta Search mit Spybot entfernt; Delta Search taucht jedoch in neuen Tab trotzdem auf
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (10)
  11. Click Compare Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (9)
  12. Click compare / Firefox
    Log-Analyse und Auswertung - 10.04.2013 (6)
  13. Click compare trojaner
    Log-Analyse und Auswertung - 29.03.2013 (2)
  14. Click Compare Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (11)
  15. Click Compare Trojaner entfernen?!
    Plagegeister aller Art und deren Bekämpfung - 24.03.2013 (11)
  16. Click Compare auf dem Laptop
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (2)
  17. Click Compare in Browser
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (5)

Zum Thema Delta Search, Click Compare uvm. - Moin! ... oder: N'abend! Es scheint als hätte ich ein kleines Problem mit Malware... Ich habe vor einiger Zeit den "Click Compare"-Virus auf meinem Rechner entdeckt, mir daraufhin ein paar - Delta Search, Click Compare uvm....
Archiv
Du betrachtest: Delta Search, Click Compare uvm. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.