
Log analysis and evaluation: Iminent was downloaded and installed automatically - How can I uninstall it again?


 
11.06.2013, 23:13   #1
nightflight
 



Good evening,

I downloaded a program from the Internet and, in doing so, unknowingly installed the program "Iminent" on my PC.

I then first searched Google for "Iminent" and found in this forum that this very program can cause major problems when it comes to uninstalling it. I therefore did not even attempt that (I hope that was the better choice?!) and, as described on this page, downloaded the programs Defogger, OTL and GMER and likewise proceeded as described on this page.

Below are the results of the OTL and GMER scans:

OTL.Txt:

OTL logfile created on: 6/11/2013 10:27:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nightflight\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.97 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 67.12% Memory free
5.93 Gb Paging File | 4.88 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 100.57 Gb Free Space | 44.63% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 52.47 Gb Free Space | 23.29% Space Free | Partition Type: NTFS

Computer Name: NIGHTFLIGHT-PC | User Name: nightflight | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 22:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nightflight\Desktop\OTL.exe
PRC - [2013/06/11 22:13:52 | 000,050,477 | ---- | M] () -- C:\Users\nightflight\Desktop\Defogger.exe
PRC - [2013/06/07 10:59:54 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.exe
PRC - [2013/06/07 10:59:54 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.Messengers.exe
PRC - [2013/06/06 08:17:28 | 002,715,176 | ---- | M] (Iminent) -- C:\Program Files\Common Files\Umbrella\umbrella.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/29 22:12:38 | 000,070,144 | ---- | M] (AlcaTech) -- C:\Windows\System32\mmrtkrnl.exe
PRC - [2010/03/28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010/01/19 11:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 11:12:58 | 000,013,312 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLangApp.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2008/10/24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/11 22:13:52 | 000,050,477 | ---- | M] () -- C:\Users\nightflight\Desktop\Defogger.exe
MOD - [2013/05/21 21:50:08 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll
MOD - [2013/05/21 21:49:46 | 001,078,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll
MOD - [2013/05/21 21:48:13 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/21 21:48:12 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013/05/20 13:11:42 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013/05/20 13:11:17 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6f120c76113dc5166d2a5a5d21900f39\System.Data.ni.dll
MOD - [2013/05/20 13:10:58 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/20 13:10:44 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/20 13:10:07 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/20 13:10:02 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/20 13:09:44 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/02/15 19:48:49 | 000,148,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll
MOD - [2013/01/12 19:10:02 | 001,885,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ddbbfda715843c275166d3867d28e67a\System.Web.Services.ni.dll
MOD - [2013/01/12 19:05:54 | 000,787,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013/01/12 19:05:54 | 000,236,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013/01/12 19:05:52 | 000,649,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
MOD - [2013/01/12 19:05:49 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/12 19:05:42 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/12 04:08:18 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/12 04:08:11 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/12 04:08:04 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/12 04:07:56 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - [2013/06/11 22:21:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/06 08:17:28 | 002,715,176 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013/05/24 20:39:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010/03/28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/10/24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)


========== Driver Services (SafeList) ==========

DRV - [2013/05/31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20130531.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/22 19:15:37 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20130611.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 19:15:37 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20130611.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/02/27 22:54:34 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/02/27 22:54:34 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/02/27 22:10:58 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/02/26 17:47:50 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20130608.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/04/21 03:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys -- (SymNetS)
DRV - [2011/03/31 05:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 05:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/15 04:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 08:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 07:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/11/06 06:07:10 | 009,923,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/27 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde206
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=060612_5_&babsrc=SP_ss&mntrId=78635dfc000000000000f67bcb2c4a1a
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE392
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "FBDownloader Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde206"
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.21.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112555&tt=060612_5_&babsrc=KW_ss&mntrId=78635dfc000000000000f67bcb2c4a1a&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2013/06/11 18:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_13_2 [2013/06/11 18:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Users\nightflight\AppData\Roaming\Mozilla\Firefox\Profiles\ewgkopok.default\extensions\webbooster@iminent.com [2013/06/11 21:50:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/24 20:39:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/24 20:39:43 | 000,000,000 | ---D | M]

[2010/08/10 23:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\Extensions
[2013/06/11 21:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\Firefox\Profiles\ewgkopok.default\extensions
[2012/04/03 18:16:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\nightflight\AppData\Roaming\mozilla\Firefox\Profiles\ewgkopok.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013/02/09 07:07:15 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\nightflight\AppData\Roaming\mozilla\Firefox\Profiles\ewgkopok.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/03/22 17:40:56 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\nightflight\AppData\Roaming\mozilla\Firefox\Profiles\ewgkopok.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2013/06/11 21:50:50 | 000,000,000 | ---D | M] (Iminent Minibar) -- C:\Users\nightflight\AppData\Roaming\mozilla\Firefox\Profiles\ewgkopok.default\extensions\webbooster@iminent.com
[2012/12/12 19:25:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/06/02 20:13:05 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/24 19:40:57 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/06/11 21:43:47 | 000,007,190 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\fbdownloader_search.xml
[2013/06/10 22:13:15 | 000,000,950 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\icqplugin-1.xml
[2010/10/23 12:44:33 | 000,000,950 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\icqplugin-2.xml
[2010/10/30 19:55:14 | 000,000,950 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\icqplugin-3.xml
[2010/12/12 14:47:46 | 000,000,950 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\icqplugin-4.xml
[2011/03/07 13:33:32 | 000,000,950 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\icqplugin-5.xml
[2011/03/25 02:17:11 | 000,000,950 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\icqplugin-6.xml
[2011/05/01 16:02:51 | 000,000,000 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\icqplugin-7.xml
[2011/06/22 18:27:34 | 000,000,950 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\icqplugin-8.xml
[2010/09/18 00:42:27 | 000,001,056 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\icqplugin.xml
[2010/12/31 08:12:59 | 000,001,218 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\kikin-search.xml
[2011/08/17 20:25:43 | 000,002,449 | ---- | M] () -- C:\Users\nightflight\AppData\Roaming\mozilla\firefox\profiles\ewgkopok.default\searchplugins\safesearch.xml
[2013/05/24 20:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013/05/24 20:39:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/06 22:01:22 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\windows\System32\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DataMgr] C:\Users\nightflight\AppData\Roaming\DataMgr\DataMgr.exe (HTTO Group, Ltd.)
O4 - HKCU..\Run: [Intermediate] C:\Users\nightflight\AppData\Roaming\Intermediate\Intermediate.exe ()
O4 - HKCU..\Run: [Personal ID] C:\PROGRA~1\COOLSP~1\PERSON~1\PID.EXE (coolspot AG, Düsseldorf)
O4 - HKCU..\Run: [SCheck] C:\Users\nightflight\AppData\Roaming\SCheck\SCheck.exe ()
O4 - HKCU..\Run: [SSync] C:\Users\nightflight\AppData\Roaming\SSync\SSync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FDA3D46-535B-4CBC-8179-3B7BAD411078}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACFAC4C8-7E04-4795-B689-B2AF31876156}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9336cb9b-147a-11e1-9b3f-0024546e784a}\Shell - "" = AutoRun
O33 - MountPoints2\{9336cb9b-147a-11e1-9b3f-0024546e784a}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/11 22:18:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nightflight\Desktop\OTL.exe
[2013/06/11 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Iminent
[2013/06/11 21:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013/06/11 21:50:57 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2013/06/11 21:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2013/06/11 21:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013/06/11 21:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2013/06/11 21:43:37 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\SSync
[2013/06/11 21:43:37 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Intermediate
[2013/06/11 21:43:37 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\DataMgr
[2013/06/11 21:43:36 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\SCheck
[2013/06/11 21:43:36 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
[2013/06/11 21:43:35 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\FBDownloader
[2013/06/11 21:43:35 | 000,000,000 | ---D | C] -- C:\Users\nightflight\AppData\Roaming\Common
[2013/06/11 21:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFTK Builder
[2013/06/11 21:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFTK Builder
[2013/05/29 09:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/29 09:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/05/29 09:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/05/24 20:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/01 23:22:44 | 000,247,120 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\nightflight\RdLang32k
[2007/08/13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\nightflight\AppData\Local\CDRip.dll
[2007/01/18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\nightflight\AppData\Local\No23 Recorder.exe
[2006/12/11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\nightflight\AppData\Local\basscd.dll
[2006/12/11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\nightflight\AppData\Local\bass.dll
[1 C:\Users\nightflight\Desktop\*.tmp files -> C:\Users\nightflight\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/11 22:23:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 22:21:33 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/11 22:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nightflight\Desktop\OTL.exe
[2013/06/11 22:16:18 | 000,000,000 | ---- | M] () -- C:\Users\nightflight\defogger_reenable
[2013/06/11 22:13:52 | 000,050,477 | ---- | M] () -- C:\Users\nightflight\Desktop\Defogger.exe
[2013/06/11 21:51:04 | 000,000,611 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog
[2013/06/11 21:43:36 | 000,001,958 | ---- | M] () -- C:\Users\nightflight\Desktop\fbDownloader.lnk
[2013/06/11 21:42:46 | 002,790,572 | ---- | M] ( ) -- C:\Users\nightflight\Desktop\pdftkb_setup_3.6.exe
[2013/06/11 21:17:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/11 19:23:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 18:21:50 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 18:21:50 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 18:13:36 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/09 19:50:55 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2013/05/29 09:44:21 | 000,001,360 | ---- | M] () -- C:\Users\nightflight\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/20 13:31:20 | 000,389,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/05/20 13:07:06 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/05/20 13:07:06 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/05/20 13:07:06 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/05/20 13:07:06 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat
[1 C:\Users\nightflight\Desktop\*.tmp files -> C:\Users\nightflight\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/11 22:16:18 | 000,000,000 | ---- | C] () -- C:\Users\nightflight\defogger_reenable
[2013/06/11 22:13:52 | 000,050,477 | ---- | C] () -- C:\Users\nightflight\Desktop\Defogger.exe
[2013/06/11 21:50:47 | 000,000,611 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog
[2013/06/11 21:43:36 | 000,001,958 | ---- | C] () -- C:\Users\nightflight\Desktop\fbDownloader.lnk
[2013/06/11 21:42:06 | 002,790,572 | ---- | C] ( ) -- C:\Users\nightflight\Desktop\pdftkb_setup_3.6.exe
[2013/06/09 19:50:55 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2013/05/29 09:44:21 | 000,001,360 | ---- | C] () -- C:\Users\nightflight\Desktop\Free YouTube to MP3 Converter.lnk
[2010/12/03 19:17:47 | 001,310,720 | ---- | C] () -- C:\Users\nightflight\AcroRd32k
[2010/08/12 19:50:53 | 000,001,501 | ---- | C] () -- C:\Users\nightflight\AppData\Local\RecConfig.xml
[2010/08/10 15:21:31 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2007/08/13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\nightflight\AppData\Local\lame_enc.dll
[2006/10/26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\nightflight\AppData\Local\vorbisenc.dll
[2006/10/26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\nightflight\AppData\Local\vorbisfile.dll
[2006/10/26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\nightflight\AppData\Local\vorbis.dll
[2006/10/26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\nightflight\AppData\Local\ogg.dll
[2005/08/23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\nightflight\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/10/15 00:13:03 | 000,000,000 | -HSD | M] -- C:\Users\nightflight\AppData\Roaming\.#
[2010/11/25 20:36:28 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\AlcaTech
[2012/06/06 22:01:07 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\Babylon
[2012/06/06 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\BabylonToolbar
[2013/06/11 21:43:35 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\Common
[2013/06/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\DataMgr
[2013/05/29 09:43:47 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\DVDVideoSoft
[2010/11/28 19:21:43 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\EPSON
[2013/06/11 21:43:36 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\FBDownloader
[2010/09/16 18:07:30 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\GameConsole
[2013/03/07 23:22:18 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\ICQ
[2013/06/11 22:06:06 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2013/06/11 21:51:18 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\Iminent
[2013/06/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\Intermediate
[2010/10/15 00:11:21 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\kikin
[2010/10/15 00:04:34 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\PlayFirst
[2013/06/11 21:43:36 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\SCheck
[2013/06/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\SSync
[2011/08/15 21:36:48 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\Tific
[2011/12/11 17:28:57 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\Utherverse
[2010/11/11 23:47:34 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\Wargaming.Net
[2012/06/06 22:01:03 | 000,000,000 | ---D | M] -- C:\Users\nightflight\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >


Extras.Txt:

OTL Extras logfile created on: 6/11/2013 10:27:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nightflight\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.97 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 67.12% Memory free
5.93 Gb Paging File | 4.88 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 100.57 Gb Free Space | 44.63% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 52.47 Gb Free Space | 23.29% Space Free | Partition Type: NTFS

Computer Name: NIGHTFLIGHT-PC | User Name: nightflight | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12650E80-432B-45B4-8E93-787FCBD611F1}" = lport=445 | protocol=6 | dir=in | app=system |
"{12AFA8F1-5038-4BCC-B83C-93358FFB8A87}" = rport=139 | protocol=6 | dir=out | app=system |
"{22D614AD-9D2C-427E-A0C4-AC0A7640002F}" = lport=138 | protocol=17 | dir=in | app=system |
"{6882BF0D-29BB-47FE-9539-9C94F2A06196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{69602ACA-E7E8-4D83-B419-9AD56023F2D4}" = rport=138 | protocol=17 | dir=out | app=system |
"{8164C2DD-E42C-44F6-B097-6C203D6087E1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{84573A3C-B22B-44C1-8A66-21EE82C3D30A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{89BDDA84-D493-4419-BEB6-2B81C485F501}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FAAA6CE-7CEA-4D05-811B-77401B96121A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{90643D26-E3B4-4A68-B2B4-E661E8610B04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9996150D-BD90-42DB-8C2F-8C9B59D89CAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{9AB1462F-6333-4994-A1BE-B74A30BB40B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD77EAFD-9E6A-4B9E-AA6A-622B5DD32F8D}" = rport=445 | protocol=6 | dir=out | app=system |
"{E707D949-21B7-4DDB-AB15-18F9DACE9149}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0AFA054-05CD-4EA9-BBA3-1652941CBECE}" = rport=137 | protocol=17 | dir=out | app=system |
"{FB278F6B-870D-40A5-A1EB-ABDF9805F64D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C101FB2-09A8-4E7E-B0F3-F22B3EDB5AEE}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{17456B29-ECAB-40CF-B4F7-AC870848BD84}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{1B4A8D63-D7D1-415C-803A-98E0DFD28F92}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{1D215658-7341-431F-902C-94068F9D5FEC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3AC6BC6C-E406-4327-A1FA-20945C9CA885}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3D45A4E5-8E11-49E3-8F32-7F0882C53D55}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe |
"{3D711B02-0E76-4C84-841E-972D5BCD416E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{412FB67D-3F97-427E-93F6-CE38411B3CEC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4543F1F8-2B36-4772-B1B0-3EA07234883E}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{5977D9A8-40E3-4E9A-816A-3CC36B859269}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6602002B-4EE9-4787-8D56-A478BCFCA44F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D874A16-1BB2-4815-8AC8-D0186B969299}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{7C8817A0-7E0E-4D97-8CEA-32EA6802A1BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{80763932-6272-4EC3-922F-91E8FFCFF411}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{863D3934-1C3B-47C0-AB25-2DF68D42B921}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A3FE5E3-6194-4642-968D-9C3BAC133319}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8DB98CE2-EF7E-4A98-A035-6620D2F5B0C2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{932575EF-F27D-4AA3-82B5-5EE97E40CF6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9933C107-4091-4822-A2CE-D5EFA9C26B4E}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{9A8A30A7-DA08-4F58-AEC4-9E5BDA8D2E35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3B16705-D4A6-45D1-8F1B-544F5290AB3D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A622E7E4-3474-4CF4-8D6F-9E4D0A8ED352}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{AFA5D793-F35C-48C7-B711-1E4E5E3CD481}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B29C97D4-C960-4220-91AC-F33C36F0717C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C2D48996-7144-4C18-BF54-3280353A7CAC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF86C34F-C3AA-48A0-8695-30FC9707F3BD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D74B8C42-19D1-442B-874C-F954CFEF9621}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D8AABC73-EB37-4062-82CF-E334CAFD07E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E6D47B44-8B2E-4B3A-9E16-0403D0966EC9}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{E6FB9371-0582-4CE4-AE3E-2B39C583DBBE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E7D94AE4-3B5E-45DF-8620-EB77FAF1835E}" = dir=in | app=c:\program files\iminent\iminent.exe |
"{EDF44AE9-AC13-4076-B3C7-A4A7CFE05609}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FC6F62A6-50C2-4EF5-96DF-8501F792EE9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF9FC9D6-D175-4F2F-9207-3D32F2EC24B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{7708C4FA-3B70-4260-A705-2E360E4FAFC2}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{F3F49EAE-8C84-4E15-9EE4-2C46BC6146DF}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1837A345-0C6D-42AE-ACD6-6C4F5FF490BA}" = Iminent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A3CD1582-E5D5-4E84-5FD3-6E2F3622F41F}_is1" = ORDER OF WAR (DEMO) 1.0
"{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESDX3800 Benutzerhandbuch" = ESDX3800 Benutzerhandbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"IMBoosterARP" = Iminent
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Secret City" = Secret City
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Casino Tropez" = Casino Tropez
"EuroGrand Casino" = EuroGrand Casino
"fbDownloader" = FBDownloader
"Joyland Casino" = Joyland Casino
"YourFileDownloader" = YourFileDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2013 12:48:53 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3027

Error - 4/21/2013 12:48:53 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3027

Error - 4/21/2013 12:48:54 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/21/2013 12:48:54 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4041

Error - 4/21/2013 12:48:54 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4041

Error - 4/21/2013 12:48:56 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/21/2013 12:48:56 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5491

Error - 4/21/2013 12:48:56 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5491

Error - 4/21/2013 12:48:57 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/21/2013 12:48:57 AM | Computer Name = nightflight-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6537

[ Media Center Events ]
Error - 1/29/2013 7:40:11 PM | Computer Name = nightflight-PC | Source = MCUpdate | ID = 0
Description = 00:40:11 - Fehler beim Herstellen der Internetverbindung. 00:40:11
- Serververbindung konnte nicht hergestellt werden..

Error - 1/29/2013 7:40:20 PM | Computer Name = nightflight-PC | Source = MCUpdate | ID = 0
Description = 00:40:16 - Fehler beim Herstellen der Internetverbindung. 00:40:16
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 6/3/2013 5:34:07 PM | Computer Name = nightflight-PC | Source = bowser | ID = 8003
Description =

Error - 6/4/2013 12:35:57 PM | Computer Name = nightflight-PC | Source = bowser | ID = 8003
Description =

Error - 6/5/2013 2:41:31 PM | Computer Name = nightflight-PC | Source = bowser | ID = 8003
Description =

Error - 6/6/2013 3:37:51 PM | Computer Name = nightflight-PC | Source = bowser | ID = 8003
Description =

Error - 6/7/2013 2:01:13 PM | Computer Name = nightflight-PC | Source = bowser | ID = 8003
Description =

Error - 6/7/2013 5:52:22 PM | Computer Name = nightflight-PC | Source = bowser | ID = 8003
Description =

Error - 6/9/2013 1:40:54 PM | Computer Name = nightflight-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?06.?2013 um 00:23:11 unerwartet heruntergefahren.

Error - 6/9/2013 5:02:45 PM | Computer Name = nightflight-PC | Source = bowser | ID = 8003
Description =

Error - 6/11/2013 3:19:15 PM | Computer Name = nightflight-PC | Source = bowser | ID = 8003
Description =

Error - 6/11/2013 3:50:36 PM | Computer Name = nightflight-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


< End of report >


Gmer.txt:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-11 23:35:08
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\NIGHTF~1\AppData\Local\Temp\axliqkod.sys


---- System - GMER 2.1 ----

SSDT 874819A0 ZwAlertResumeThread
SSDT 87BFF338 ZwAlertThread
SSDT 87C15980 ZwAllocateVirtualMemory
SSDT 87567600 ZwAlpcConnectPort
SSDT 87C12290 ZwAssignProcessToJobObject
SSDT 87C12720 ZwCreateMutant
SSDT 87C11008 ZwCreateSymbolicLinkObject
SSDT 87BFAD28 ZwCreateThread
SSDT 87C120E0 ZwCreateThreadEx
SSDT 87C12350 ZwDebugActiveProcess
SSDT 87BFAA70 ZwDuplicateObject
SSDT 87C15798 ZwFreeVirtualMemory
SSDT 87485DE0 ZwImpersonateAnonymousToken
SSDT 87C0C1D0 ZwImpersonateThread
SSDT 87562640 ZwLoadDriver
SSDT 87C156B8 ZwMapViewOfSection
SSDT 86364340 ZwOpenEvent
SSDT 87BFAC10 ZwOpenProcess
SSDT 87BB0280 ZwOpenProcessToken
SSDT 87C12518 ZwOpenSection
SSDT 87BFAB40 ZwOpenThread
SSDT 87C121C0 ZwProtectVirtualMemory
SSDT 87BEF4C0 ZwResumeThread
SSDT 87BDF178 ZwSetContextThread
SSDT 87C15358 ZwSetInformationProcess
SSDT 87C12410 ZwSetSystemInformation
SSDT 87C125D8 ZwSuspendProcess
SSDT 87BE7838 ZwSuspendThread
SSDT 87BAF280 ZwTerminateProcess
SSDT 87BEC150 ZwTerminateThread
SSDT 87BD7048 ZwUnmapViewOfSection
SSDT 87C15868 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 140D 8347E9A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8349E4F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 13A3 834A5778 8 Bytes [A0, 19, 48, 87, 38, F3, BF, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 834A5790 4 Bytes [80, 59, C1, 87] {SBB BYTE [ECX-0x3f], 0x87}
.text ntoskrnl.exe!KeRemoveQueueEx + 13C7 834A579C 4 Bytes [00, 76, 56, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 141B 834A57F0 4 Bytes [90, 22, C1, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 1497 834A586C 4 Bytes [20, 27, C1, 87]
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----



I hope I have done everything correctly now, and I also hope that someone here can help me.
If further information or steps are needed to work on my question, I am of course ready at any time to provide or carry them out as quickly as possible.

Many thanks in advance!!

Best regards, nightflight

 
