Trojaner! Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block
hallo, leider habe ich mir soeben einen trojaner eingefangen und nun kann ich im normalen modus nichts mehr machen :(.
Deshalb hab ich auf einem anderen Rechner mal bisschen gesurft was ich so dagegen machen kann. Da schien mir diese Community äußerst hilfreich :).
Also laut einiger thread soll ich hier die logs posten wenn ich das richtig verstanden habe. Sorry bin ein totaler anfänger was dies angeht usw. Hoffe mir kann einer helfen :(
Malwarebytes Anti-Malware log
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.02.07
Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
xxx :: NOOB [Administrator]
Schutz: Deaktiviert
02.08.2012 18:30:55
mbam-log-2012-08-02 (18-30-55).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197775
Laufzeit: 11 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|lyotu.exe (Trojan.Apppatch) -> Daten: C:\Users\xxx\AppData\Roaming\Edteib\lyotu.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\xxx\AppData\Local\195c7d71\X -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 1
C:\Users\xxx\M-1-74-6482-7942-8945 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 8
C:\Users\xxx\AppData\Roaming\Edteib\lyotu.exe (Trojan.Apppatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\AppData\Roaming\478E.tmp (Trojan.Agent.CoXGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\AppData\Local\Temp\0.1418363536874363.exe (Trojan.Inject.adb) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\AppData\Local\Temp\4462.tmp (Rogue.PrivacyProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\AppData\Local\Temp\51DB.tmp (Rogue.PrivacyProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\AppData\Local\Temp\~!#3DDE.tmp (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\AppData\Local\Temp\~!#6951.tmp (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\Downloads\Facemoods.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
OTL LOGOTL Logfile: Code:
OTL logfile created on: 02.08.2012 18:52:58 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Duci\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 76,50% Memory free
7,49 Gb Paging File | 6,63 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 74,03 Gb Free Space | 26,07% Space Free | Partition Type: NTFS
Drive D: | 317,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: NOOB | User Name: Duci | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Duci\Desktop\OTL.exe (OldTimer Tools)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SearchAnonymizer) -- C:\Users\Duci\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5552&r=273612100705l0494z195v47321080
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5552&r=273612100705l0494z195v47321080
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5552&r=273612100705l0494z195v47321080
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5552&r=273612100705l0494z195v47321080
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5552&r=273612100705l0494z195v47321080
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=wbst
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=a4c46583-6929-497c-9ba4-d6ec595bea44&pid=icqt&k=1
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{0D92D42B-4D6E-43B9-B65C-2BB2D67B33EB}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a4c46583-6929-497c-9ba4-d6ec595bea44&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937414341575F6465&st={searchTerms}&clid=a4c46583-6929-497c-9ba4-d6ec595bea44&pid=icqt&k=1
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414341575F64654445343039&st={searchTerms}&clid=a4c46583-6929-497c-9ba4-d6ec595bea44&pid=icqt&k=1
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{975F4AB3-3EE6-4EFF-82B0-17D54EC90DD8}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a4c46583-6929-497c-9ba4-d6ec595bea44&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{B65F0DF9-8442-4E35-905E-66EE8ED130E1}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a4c46583-6929-497c-9ba4-d6ec595bea44&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{C6D2AB00-9FDE-4BEC-B322-E97F997DCDD3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a4c46583-6929-497c-9ba4-d6ec595bea44&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{D63030C3-6438-4F0F-9689-8F24183AF4D1}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a4c46583-6929-497c-9ba4-d6ec595bea44&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\SearchScopes\{E581318D-4739-4039-A233-EED18830D815}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a4c46583-6929-497c-9ba4-d6ec595bea44&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.2.5.2
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: ciuvo-extension@icq.de:1.2.662
FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.10 02:44:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 23:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.22 00:16:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.05.30 22:23:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 23:41:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.22 00:16:01 | 000,000,000 | ---D | M]
[2010.12.07 02:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Duci\AppData\Roaming\mozilla\Extensions
[2012.08.02 18:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions
[2010.12.07 02:18:26 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2012.07.17 13:57:48 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.07.16 14:28:02 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012.07.25 22:31:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.16 14:27:45 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2012.01.22 22:44:23 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.12.06 22:03:08 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.07 02:16:41 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2012.08.02 18:29:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.22 00:17:10 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\bug489729@alice0775
[2010.12.08 18:33:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\engine@conduit.com
[2012.01.11 22:54:09 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\ffxtlbr@Facemoods.com
[2011.06.12 16:49:42 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\plugin@yontoo.com
[2012.08.02 18:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Duci\AppData\Roaming\mozilla\Firefox\Profiles\nc5djqxk.default\extensions\staged
[2011.05.18 18:01:02 | 000,000,919 | ---- | M] () -- C:\Users\Duci\AppData\Roaming\Mozilla\Firefox\Profiles\nc5djqxk.default\searchplugins\conduit.xml
[2011.03.13 21:37:30 | 000,001,097 | ---- | M] () -- C:\Users\Duci\AppData\Roaming\Mozilla\Firefox\Profiles\nc5djqxk.default\searchplugins\icqplugin-1.xml
[2011.05.30 22:23:52 | 000,001,097 | ---- | M] () -- C:\Users\Duci\AppData\Roaming\Mozilla\Firefox\Profiles\nc5djqxk.default\searchplugins\icqplugin-2.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Duci\AppData\Roaming\Mozilla\Firefox\Profiles\nc5djqxk.default\searchplugins\icqplugin.xml
[2011.03.13 21:37:30 | 000,001,630 | ---- | M] () -- C:\Users\Duci\AppData\Roaming\Mozilla\Firefox\Profiles\nc5djqxk.default\searchplugins\kikin-search.xml
[2011.05.30 22:23:52 | 000,001,088 | ---- | M] () -- C:\Users\Duci\AppData\Roaming\Mozilla\Firefox\Profiles\nc5djqxk.default\searchplugins\{0F1016C4-6D22-4450-A894-3DD605490377}.xml
[2011.03.13 21:37:30 | 000,002,071 | ---- | M] () -- C:\Users\Duci\AppData\Roaming\Mozilla\Firefox\Profiles\nc5djqxk.default\searchplugins\{2B6D28FA-C945-4295-9B00-A89A2FC1B004}.xml
[2011.03.13 21:37:30 | 000,001,864 | ---- | M] () -- C:\Users\Duci\AppData\Roaming\Mozilla\Firefox\Profiles\nc5djqxk.default\searchplugins\{2E52D113-2F74-4069-B003-16A9F0BBAF8A}.xml
[2011.03.13 21:37:30 | 000,002,182 | ---- | M] () -- C:\Users\Duci\AppData\Roaming\Mozilla\Firefox\Profiles\nc5djqxk.default\searchplugins\{4A8328C3-986B-4EAD-831D-5316761258AD}.xml
[2012.01.22 00:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.28 23:51:46 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\DUCI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC5DJQXK.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012.07.27 02:35:15 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\DUCI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NC5DJQXK.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.18 23:41:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.12 20:44:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.12 20:44:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.12 20:44:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 22:54:12 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.12 20:44:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.12 20:44:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.12 20:44:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Duci\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Duci\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Duci\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Facemoods = C:\Users\Duci\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\
CHR - Extension: Facemoods = C:\Users\Duci\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\
CHR - Extension: preisspion.de = C:\Users\Duci\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.2_0\
CHR - Extension: ICQ Sparberater = C:\Users\Duci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.678_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Duci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Duci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Duci\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\Run: [Akamai NetSession Interface] C:\Users\Duci\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\Run: [EA Core] C:\Program Files (x86)\Origin\LegacyPM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\Run: [shellstyle] C:\Users\Duci\AppData\Local\Microsoft\Windows\383\shellstyle.exe ()
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\Run: [Spotify] C:\Users\Duci\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\Run: [Spotify Web Helper] C:\Users\Duci\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3101850831-4055913004-685445163-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Duci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Duci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Duci\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Duci\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Duci\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Duci\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEE12FD5-609F-4D80-9B93-93B5FDD3CF9D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.21 16:32:23 | 000,000,040 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1729a5c4-b9d8-11df-866d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1729a5c4-b9d8-11df-866d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009.07.21 12:28:36 | 000,041,792 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.02 18:30:00 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Roaming\Malwarebytes
[2012.08.02 18:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.02 18:29:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.02 18:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.02 18:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.02 18:29:00 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Duci\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.02 18:09:29 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Duci\Desktop\OTL.exe
[2012.08.02 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Roaming\hellomoto
[2012.07.28 00:18:47 | 000,000,000 | ---D | C] -- C:\Users\Duci\Desktop\negativ
[2012.07.18 17:17:15 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.07.18 17:17:15 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.07.17 13:39:35 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{2A427181-7B95-45F3-96FA-240A537BFB59}
[2012.07.17 13:39:07 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{06410D9C-AA16-4357-AE8A-26F6C0327252}
[2012.07.16 21:44:20 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Roaming\Ymudoz
[2012.07.16 21:44:20 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Roaming\Edteib
[2012.07.16 14:30:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.16 14:30:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.16 14:30:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.16 14:30:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.16 14:30:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.16 14:30:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.16 14:30:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.16 14:30:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.16 14:30:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.16 14:30:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.16 14:30:45 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.16 14:30:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.16 14:30:43 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.16 14:19:55 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{74B2653A-34A9-49A3-AC20-A78C179B1E3C}
[2012.07.16 14:19:25 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{BEB83ECC-C19A-49C9-BD05-E6E195C3DFB9}
[2012.07.15 11:12:14 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.15 11:03:52 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{F19C7688-3662-4F19-BB7A-937F60145969}
[2012.07.15 11:03:23 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{72F0E69A-1611-412E-9244-0CA6A6A23E79}
[2012.07.08 15:49:06 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{7D10F1B5-68C1-4DD9-8803-CF2DC3087CDC}
[2012.07.08 15:48:39 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{912AE4D8-977B-4D6B-A959-F82117D6DE94}
[2012.07.05 20:31:24 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{BDB0C54C-D5E9-469F-8FCF-8EB601EB3298}
[2012.07.05 20:31:02 | 000,000,000 | ---D | C] -- C:\Users\Duci\AppData\Local\{8EE0CDD3-5D8E-4FA6-A72C-AC994EBAC179}
[2011.10.09 20:31:40 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Duci\taskmgr.exe
[1 C:\Users\Duci\AppData\Local\*.tmp files -> C:\Users\Duci\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.02 18:50:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 18:50:26 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 18:46:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 18:31:17 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.02 18:31:17 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.02 18:31:17 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.02 18:31:17 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.02 18:31:17 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.02 18:29:54 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.02 18:08:12 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Duci\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.02 18:04:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Duci\Desktop\OTL.exe
[2012.08.02 17:33:31 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 14:34:04 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.26 00:18:34 | 004,887,360 | ---- | M] () -- C:\Users\Duci\Desktop\Michael Warren - You Aint Welcome.mp3
[2012.07.18 17:23:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 17:23:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 21:43:29 | 365,718,116 | ---- | M] () -- C:\Users\Duci\Desktop\Gute_Zeiten_schlechte_Zeiten_12.07.16_19-40_rtl_35_TVOON_DE.mpg.avi
[2012.07.16 20:40:37 | 004,871,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.16 14:23:58 | 000,001,331 | ---- | M] () -- C:\Windows\wininit.ini
[1 C:\Users\Duci\AppData\Local\*.tmp files -> C:\Users\Duci\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.02 18:29:54 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.26 00:18:09 | 004,887,360 | ---- | C] () -- C:\Users\Duci\Desktop\Michael Warren - You Aint Welcome.mp3
[2012.07.17 21:41:57 | 365,718,116 | ---- | C] () -- C:\Users\Duci\Desktop\Gute_Zeiten_schlechte_Zeiten_12.07.16_19-40_rtl_35_TVOON_DE.mpg.avi
[2012.07.02 20:05:10 | 000,000,836 | ---- | C] () -- C:\Users\Duci\.recently-used.xbel
[2012.05.16 00:12:16 | 000,000,044 | ---- | C] () -- C:\Users\Duci\jagex_cl_runescape_LIVE1.dat
[2012.02.24 18:07:30 | 000,000,132 | ---- | C] () -- C:\Users\Duci\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.11.25 01:12:20 | 000,000,040 | ---- | C] () -- C:\Users\Duci\jagex_cl_runescape_LIVE.dat
[2011.11.06 16:03:06 | 000,030,720 | ---- | C] () -- C:\Users\Duci\AppData\Local\195c7d71\U\800000cf.@
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.10.31 00:56:06 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.10.17 17:14:10 | 000,016,384 | ---- | C] () -- C:\Users\Duci\AppData\Local\195c7d71\U\80000000.@
[2011.10.09 20:31:37 | 000,002,048 | -HS- | C] () -- C:\Users\Duci\AppData\Local\195c7d71\@
[2011.08.08 21:37:56 | 000,007,168 | ---- | C] () -- C:\Users\Duci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.26 17:45:31 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011.01.05 18:30:01 | 000,000,129 | ---- | C] () -- C:\Users\Duci\jagex_runescape_preferences2.dat
[2011.01.05 18:28:51 | 000,000,035 | ---- | C] () -- C:\Users\Duci\jagex_runescape_preferences.dat
[2010.12.10 20:21:39 | 000,001,331 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.07 02:10:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.06 19:26:15 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.09.06 19:26:15 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2010.09.06 19:26:15 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.09.06 19:26:15 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.09.06 19:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.05 05:36:18 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.07.14 12:20:19 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2007.07.12 12:51:25 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\RGSGrowBounds.aex
========== LOP Check ==========
[2012.07.08 03:24:44 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\BitTorrent
[2012.02.01 20:39:01 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.09.19 19:02:30 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\DAEMON Tools Pro
[2012.06.24 16:16:03 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.07.15 07:24:22 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\DVDVideoSoft
[2010.12.06 22:04:15 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.02 18:43:38 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Edteib
[2012.08.02 17:53:16 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\hellomoto
[2011.07.03 23:58:14 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Hi-Rez Studios
[2012.07.28 16:51:47 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\ICQ
[2011.05.30 22:32:03 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\ICQ-Tools.de
[2011.03.22 23:50:04 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\kikin
[2011.09.24 10:15:45 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Leadertech
[2011.09.18 11:27:00 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\LolClient
[2012.05.24 23:47:47 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\LolClient2
[2011.03.13 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\OCS
[2011.09.25 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\OpenOffice.org
[2011.09.12 19:17:18 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Opera
[2011.09.22 16:47:26 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Origin
[2011.01.27 19:58:44 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Publish Providers
[2011.12.04 16:47:30 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Samsung
[2011.05.23 23:37:42 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Sony
[2012.08.02 17:58:19 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Spotify
[2011.12.04 17:30:21 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Temp
[2010.12.29 00:28:58 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\TS3Client
[2011.12.30 20:44:39 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Windows Live Writer
[2012.08.02 18:19:58 | 000,000,000 | ---D | M] -- C:\Users\Duci\AppData\Roaming\Ymudoz
[2011.04.10 14:38:39 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- --- |
