Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundestrojaner sicher und endgültig entfernen (https://www.trojaner-board.de/121103-bundestrojaner-sicher-endgueltig-entfernen.html)

MarcS 02.08.2012 21:41
Bundestrojaner sicher und endgültig entfernen
 
Guten Abend,

Ich habe mir einen Ukash-Trojaner eingefangen. Dieser sperrt das System und verlangt für die Entsperrung 100€ in Form von Ukash. Durch eine Systemwiederherstellung zu einem früheren Zeitpunkt (im Abgesicherten Modus, Windows 7, 64-bit) verscwand der Virus zumindest für einen Tag, doch inzwischen ist er wieder da :(
Rescue-Disk von Avira und Kaspersky hatten keinen Erfolg gebracht. Also Versuchte ich die Anleitung dieser Seite*hxxp://www.redirect301.de/bundespolizei-trojaner-entfernen.html . Ich kam bis zu dem Regestry-Eintrag "shell" jedoch stand dort als Dateikennung "explorer.exe"
Und jetzt weiß ich nicht weiter. Der PC ist ja sozusagen gesperrt und von daher kann ich die 3 Schritte bon den Verhaltensregeln schlecht anwenden

Um Hilfe würde ich mich sehr freuen

MarcS

t'john 03.08.2012 14:58
:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

MarcS 03.08.2012 22:56
Hallo,

also Schritt 1 habe ich eben abgeschlossen, Log-File im Anhang. Schritt 2 war leider noch nicht möglich da die Seite zur Zeit offline ist...werde ich jedoch morgen sobald wie möglich nachliefern. Vielen dank für deine schnelle und ausführliche Antwort.

lg
MarcS

MarcS 04.08.2012 13:21
Hier die 2 Logfiles von OTL

lg
MarcS

OTL Logfile:
Code:
OTL logfile created on: 04.08.2012 13:54:28 - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = F:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 80,70% Memory free
6,00 Gb Paging File | 5,44 Gb Available in Paging File | 90,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,16 Gb Total Space | 15,89 Gb Free Space | 2,66% Space Free | Partition Type: NTFS
Drive F: | 247,21 Mb Total Space | 187,68 Mb Free Space | 75,92% Space Free | Partition Type: FAT
 
Computer Name: MARC-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (XENfiltv) -- C:\Windows\SysNative\drivers\XENfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://battlelog.battlefield.com/bf3/
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 4C 83 9B 25 0F CC 01  [binary data]
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D249FD00-4DF9-11D9-9FDC-0080481ADA61}:1.5
FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D
FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012.03.15 21:37:23 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 22:20:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.05.07 14:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions
[2012.07.29 20:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.07.29 20:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions
[2012.07.09 16:22:23 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.07.04 18:26:28 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2011.12.30 17:17:14 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011.05.07 14:08:44 | 000,000,000 | ---D | M] (Faark's Grepolis Bericht 2 Image - Exporter) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09}
[2012.05.17 15:41:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.05.28 14:35:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.20 11:38:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.05.07 14:08:44 | 000,000,000 | ---D | M] (Auto Shutdown) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\amin.eft_Shutdown@gmail.com
[2012.07.04 18:26:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\battlefieldheroespatcher@ea.com
[2012.05.17 15:41:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\ich@maltegoetz.de
[2011.05.07 14:08:44 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\max@subfighter.com
[2012.07.29 20:19:07 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\OneClickDownload@OneClickDownload.com
[2012.03.15 21:37:58 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\plugin@yontoo.com
[2011.05.07 14:08:44 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\vshare@toolbar
[2012.06.29 10:51:13 | 000,000,853 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\11-suche.xml
[2011.03.15 13:22:18 | 000,000,923 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\conduit.xml
[2012.06.29 10:51:13 | 000,002,209 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 10:51:13 | 000,010,506 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\gmx-suche.xml
[2012.06.29 10:51:13 | 000,002,368 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\lastminute.xml
[2012.06.29 10:51:13 | 000,005,489 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\webde-suche.xml
[2012.03.16 00:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.07 13:02:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.11 19:30:32 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2011.07.13 01:03:41 | 000,065,236 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.XPI
[2011.10.29 23:40:30 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.07.21 23:55:51 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.02.11 22:59:59 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.05.20 18:24:36 | 000,048,903 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.XPI
[2012.03.29 17:43:48 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.05.03 23:08:41 | 000,105,386 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
[2012.02.14 19:53:30 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2011.10.19 01:08:29 | 000,174,405 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI
[2012.04.26 19:51:57 | 000,003,284 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\NOGROOVESHARKADS@TOBBI.TK.XPI
[2011.03.13 23:11:49 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.07.27 15:45:14 | 000,324,456 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2011.06.21 14:54:45 | 000,040,924 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\SPARWELTGUTSCHEINE@SPARWELT.DE.XPI
[2012.06.29 10:50:36 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.20 22:20:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.20 22:20:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.20 22:20:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.20 22:20:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.20 22:20:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 22:20:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 22:20:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Ahrugii] C:\Users\Marc\AppData\Roaming\Xokyo\gucer.exe File not found
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Spotify] C:\Users\Marc\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Spotify Web Helper] C:\Users\Marc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [StructuredQuery] C:\Users\Marc\AppData\Local\Microsoft\Windows\3273\StructuredQuery.exe ()
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Wiexavk] C:\Users\Marc\AppData\Roaming\Lityo\yqsyd.exe File not found
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [WLAN Optimizer] C:\Daten\wopt021\WLAN Optimizer.exe (none)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0CBEEB8-087D-4CC7-9C22-54A8FD55D6CA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\Shell - "" = AutoRun
O33 - MountPoints2\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.03 19:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.03 19:33:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.03 19:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.03 19:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.03 19:33:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marc\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.03 19:33:15 | 007,196,192 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marc\Desktop\mbam-rules.exe
[2012.08.02 17:19:37 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.29 20:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.07.24 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.24 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.24 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.07.24 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.24 16:29:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.20 14:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.07.18 14:44:21 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.07.18 14:44:21 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.07.18 14:44:19 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.07.18 12:14:27 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\hellomoto
[2012.07.16 01:17:55 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Dust
[2012.07.15 18:11:59 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\CrashRpt
[2012.07.13 14:27:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\SCE
[2012.07.12 03:02:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:02:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:02:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:02:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:02:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:02:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:02:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:02:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:02:14 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:02:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:02:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:02:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 03:02:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 15:11:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 15:11:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 15:11:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 15:11:07 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 15:11:06 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.08 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Xokyo
[2012.07.08 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Ikro
[2012.07.08 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Dyowmy
[2012.07.08 22:59:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Ricaas
[2012.07.08 22:59:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Lityo
[2012.07.08 22:59:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Fozo
[2012.07.07 20:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2012.07.07 20:45:00 | 000,000,000 | ---D | C] -- C:\BrickForce
[2012.07.07 18:58:35 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Square Enix
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.04 13:53:27 | 001,613,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.04 13:53:27 | 000,696,878 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 13:53:27 | 000,652,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 13:53:27 | 000,148,174 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 13:53:27 | 000,121,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 13:46:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 13:46:23 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 13:45:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 13:45:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 23:48:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.03 19:33:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.03 19:32:12 | 007,196,192 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marc\Desktop\mbam-rules.exe
[2012.08.03 19:28:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marc\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.02 20:23:33 | 000,454,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.28 23:22:30 | 000,007,594 | ---- | M] () -- C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
[2012.07.28 00:48:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.28 00:48:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.24 16:33:20 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.20 02:43:14 | 000,000,219 | ---- | M] () -- C:\Users\Marc\Desktop\Left 4 Dead 2.url
[2012.07.17 01:05:00 | 000,000,221 | ---- | M] () -- C:\Users\Marc\Desktop\Red Faction Guerrilla.url
[2012.07.15 01:06:21 | 000,000,221 | ---- | M] () -- C:\Users\Marc\Desktop\From Dust.url
[2012.07.13 19:51:53 | 000,000,219 | ---- | M] () -- C:\Users\Marc\Desktop\Portal 2.url
[2012.07.13 19:51:53 | 000,000,203 | ---- | M] () -- C:\Users\Marc\Desktop\Portal 2 Publishing Tool.url
[2012.07.09 22:00:48 | 000,000,221 | ---- | M] () -- C:\Users\Marc\Desktop\DC Universe Online.url
[2012.07.07 20:45:02 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2012.07.07 18:43:53 | 000,000,700 | ---- | M] () -- C:\Users\Marc\Desktop\Just Cause 2.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.03 19:33:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.24 16:33:20 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.20 14:03:27 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.07.20 02:43:14 | 000,000,219 | ---- | C] () -- C:\Users\Marc\Desktop\Left 4 Dead 2.url
[2012.07.17 01:04:59 | 000,000,221 | ---- | C] () -- C:\Users\Marc\Desktop\Red Faction Guerrilla.url
[2012.07.15 01:06:21 | 000,000,221 | ---- | C] () -- C:\Users\Marc\Desktop\From Dust.url
[2012.07.13 19:51:53 | 000,000,203 | ---- | C] () -- C:\Users\Marc\Desktop\Portal 2 Publishing Tool.url
[2012.07.13 19:51:52 | 000,000,219 | ---- | C] () -- C:\Users\Marc\Desktop\Portal 2.url
[2012.07.09 22:00:48 | 000,000,221 | ---- | C] () -- C:\Users\Marc\Desktop\DC Universe Online.url
[2012.07.07 20:45:02 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2012.07.07 18:43:53 | 000,000,700 | ---- | C] () -- C:\Users\Marc\Desktop\Just Cause 2.lnk
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.05 17:26:08 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.05 17:25:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.06 19:58:04 | 000,004,608 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.26 14:11:54 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.07.26 14:11:54 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.07.02 00:31:57 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.06.25 16:12:14 | 001,590,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.22 15:02:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 20:20:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.07 19:29:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.05.07 13:52:52 | 000,007,594 | ---- | C] () -- C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
[2011.05.07 13:52:52 | 000,000,000 | ---- | C] () -- C:\Users\Marc\AppData\Local\Xzuritu.bin
[2011.05.07 13:52:51 | 000,000,120 | ---- | C] () -- C:\Users\Marc\AppData\Local\Gnovo.dat
[2011.05.07 13:52:51 | 000,000,092 | ---- | C] () -- C:\Users\Marc\AppData\Local\fusioncache.dat
[2011.03.31 08:59:24 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
 
========== LOP Check ==========
 
[2012.04.14 12:06:14 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.minecraft
[2012.04.12 18:24:52 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.techniclauncher
[2011.05.07 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Alliance
[2011.08.20 17:01:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.05.07 14:08:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DAEMON Tools Lite
[2011.05.07 14:08:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.05.07 14:08:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DNA
[2011.05.28 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.18 12:21:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DynaGeo
[2012.07.11 09:39:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dyowmy
[2011.05.07 14:08:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Engelmann Media
[2011.05.07 14:08:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\FarmingSimulator2008
[2012.07.08 23:01:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Fozo
[2011.05.07 14:08:27 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GetRightToGo
[2011.05.30 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\go
[2011.05.07 14:08:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Grand Ages Rome
[2011.05.28 14:47:19 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\gtk-2.0
[2011.05.07 14:08:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\hdbADS
[2012.08.01 20:20:35 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\hellomoto
[2012.08.03 19:15:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ICQ
[2012.07.08 23:01:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ikro
[2011.05.07 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ImgBurn
[2011.05.07 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Imperium Romanum
[2011.08.14 14:30:12 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\klett
[2011.05.07 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Leadertech
[2012.07.10 01:54:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Lityo
[2011.05.17 12:41:08 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LolClient
[2012.05.24 13:14:36 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LolClient2
[2011.05.07 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\MAGIX
[2011.05.07 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\MrJobs
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\OCS
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Opera
[2011.10.26 12:37:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Origin
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PunkBuster
[2012.07.08 22:59:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ricaas
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Sierra
[2011.12.06 19:57:52 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Solveig Multimedia
[2012.08.03 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Spotify
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\T-Online
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Talkative IRC
[2012.05.20 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeamViewer
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Teeworlds
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\The Creative Assembly
[2011.09.17 12:31:47 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Tropico 3
[2012.06.15 17:31:09 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TS3Client
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TubeBox
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Tunngle
[2012.02.21 17:26:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ubisoft
[2011.05.07 14:08:51 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\UltimateZip
[2012.04.12 18:11:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\uTorrent
[2012.07.07 20:04:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\wargaming.net
[2011.01.01 17:05:31 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Windows Live Writer
[2012.07.13 10:19:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Xokyo
[2012.05.02 17:19:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 04.08.2012 13:54:28 - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = F:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 80,70% Memory free
6,00 Gb Paging File | 5,44 Gb Available in Paging File | 90,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,16 Gb Total Space | 15,89 Gb Free Space | 2,66% Space Free | Partition Type: NTFS
Drive F: | 247,21 Mb Total Space | 187,68 Mb Free Space | 75,92% Space Free | Partition Type: FAT
 
Computer Name: MARC-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A1A923-2F3B-480B-A9CF-4E87CF9DFBC4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0702342E-0FF0-449A-B364-845FF8A5D3F3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{097B61A8-F4FC-49B4-B8B7-4FFF01D97D9A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{130524F5-8674-49C8-8260-877B00AC3820}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{13638EBA-69CA-43F1-A030-86E9DAFA7375}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{14758913-0909-4D7C-B3FB-322909CA4DC7}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher |
"{15C4EB91-114F-443A-8360-DD87B8863814}" = lport=6941 | protocol=17 | dir=in | name=league of legends launcher |
"{1CFF5C8D-6FA3-4572-AD20-E30E825F70A1}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher |
"{1DEE5871-ED04-4CBF-A4B9-81B69B943211}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2284A990-8E97-44C6-90A2-4A5063B7F40F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2440C897-1BB9-4D4D-81DF-0970902D3D07}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher |
"{2972969E-B60B-49A3-BDBD-FF4BCCC1846C}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{2DB4CD4D-94BB-476B-8573-513C1B67BA9A}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher |
"{3021F256-A2F0-48E1-9B36-51C919495A49}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher |
"{3046E6A0-3818-4E30-BE59-6246CF89D9A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3621C26E-9CCF-4FA6-B5D7-C8FC15BBC07B}" = lport=6989 | protocol=6 | dir=in | name=league of legends launcher |
"{3682752F-96A4-491E-A7A5-3D2089583C28}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher |
"{382B3046-3138-445D-8F3C-988AEC1F0796}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A526928-774F-4D23-9925-9A7A2C6DE907}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher |
"{40195106-1469-43E2-82DE-9DA9ECE8FBE1}" = lport=6941 | protocol=6 | dir=in | name=league of legends launcher |
"{46F930A7-3763-4F9B-A00B-D39B69B68F1E}" = lport=139 | protocol=6 | dir=in | app=system |
"{48FD38BB-AD56-4987-84DD-3ADB56BE37EF}" = lport=6989 | protocol=17 | dir=in | name=league of legends launcher |
"{5C10EBB0-4C28-4C8D-A692-44A0E775B1BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66A2FE37-1194-439E-944C-A198B08746F3}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{68C6AECA-DF90-49CE-8DAD-E5C89FB4E0CB}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher |
"{6908099F-0810-4417-9974-368FEF53CC9D}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{6E7780FB-C51C-4303-98F6-CCD6A6BBF5D9}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{72E35DD4-8F91-4F23-80A9-4BA2B6B4653B}" = rport=139 | protocol=6 | dir=out | app=system |
"{734965B1-0E0E-4DEE-8E97-30965EC9A365}" = lport=137 | protocol=17 | dir=in | app=system |
"{7AB5629B-5EC8-42B0-9BA2-A9E64FA4BD56}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher |
"{7BDCF9DE-CB26-47D2-8D2B-210EB530989C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EA2747A-173F-4FA4-ABD7-E05A5378264D}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher |
"{81F707FE-39E4-4270-AF92-B3B3D7E52DFD}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{8308F91F-99A7-45CA-B617-212764BAA166}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{83D72EE4-5753-4D48-9366-9B7D66F39E1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88047FD2-DA25-47B8-9E76-303EA6A13611}" = lport=445 | protocol=6 | dir=in | app=system |
"{895ACF61-B45F-4F7A-9075-F9515C8685AD}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher |
"{8EACA835-8077-4A93-A4F5-F826D40F852B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8FE64EC9-AC74-40B5-A1EF-3F0514F1DF66}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher |
"{96638B6A-0CE3-4461-900B-BE234DAB46DC}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher |
"{9B0C5418-C1B7-45B4-95D6-20E110C551BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9C73D380-894A-4051-B1AC-E9FCD4742D3B}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher |
"{ADB755BD-6D60-4B09-92B6-F261EC38B871}" = lport=138 | protocol=17 | dir=in | app=system |
"{B4CFA208-E64C-4024-A8D0-4D167884BC39}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{B93FF857-4875-463E-A6A7-0642403E20B7}" = lport=6890 | protocol=17 | dir=in | name=league of legends launcher |
"{BA286BAA-178C-4881-AE14-D89CD8DE76AF}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{C1A4B178-4276-43FB-B67A-8B9D81C87CC4}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher |
"{CAE5C8E1-1452-4B61-914A-AA7F43D22B36}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{CAE9C256-E25B-48DB-BEDE-9EB764D205F9}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{CB8D877F-59D7-4FF8-AE03-7672A51EA59B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CD73D9B3-053E-4193-9187-AB55DC3B170B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CF725DB7-7BB5-4C25-9A80-05E7D3398321}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D11C1F0A-1637-4656-9CF5-69790DFA6B02}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{DB231B06-5503-4E63-A4E6-CA83A37D72AB}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher |
"{DC144CB1-C466-4567-84DB-D48B364D2737}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher |
"{E50A0A9C-D8D3-42D3-AA71-91B8EAD10F5F}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher |
"{E6A78570-B00C-49A7-A7BF-0E70EF8D60CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8BFC8E1-8AA0-4644-97FD-076ACE70F6D9}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher |
"{EA9FAFDA-8E8F-4EF4-B18D-177C8F43FBC7}" = rport=138 | protocol=17 | dir=out | app=system |
"{EB5D0BB2-5DB7-4FC4-883B-0EC2171132A1}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{EE33DE50-A5CC-432E-9B77-03AE64788077}" = rport=445 | protocol=6 | dir=out | app=system |
"{F20964C1-4FE9-4373-8414-4ADEEA61D015}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2D52212-243E-4D7F-BA03-0E947A9BF257}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher |
"{F3A39EB6-166C-4AD6-93C7-1B44202D13CD}" = rport=137 | protocol=17 | dir=out | app=system |
"{FD256C7B-C558-4A85-A1FE-E15CF4856AB8}" = lport=6890 | protocol=6 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03114410-2505-48C1-8CB1-7A09CBC020E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{0598683B-A674-4718-BC0C-448255C72CAF}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{07A60012-D8FB-46A5-833D-DA7482B52B3B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0809FEA2-65EC-43A1-8E01-701D160E8FBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{098FAE6E-58A3-4EC0-B4F2-CB516B5E6979}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{0B3326EF-E96D-4918-9B92-E202152B97AE}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{0BF33A35-2AB4-4AD3-AEE0-69E140D6DE00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{0C62022A-B2DF-4B78-801A-CB6D74E6891C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D658E90-1CEF-42DE-ADB6-6BD5A997AD74}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0FA6585E-D51E-4311-92CD-F86F7D501813}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{0FE2A731-CD1E-4039-8E34-0A284405F80C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{121CDF40-F864-41D4-9ADD-C2D610043E46}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{14AFA9A1-C4BD-4CDA-BCDF-F568DA33628F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1C890C00-732A-4B9E-ACED-DD3F05A4CB69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{1DF4A7A6-AAB9-4B0F-AA59-3B63BE7371F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{20C1C3BE-5BD4-4C6B-A809-FE8EC94699F3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2132FDFC-4E6A-4679-AAA9-0EFD2761C2A3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{2245091B-3D0E-445F-A736-4FB7E0500164}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2380D150-5952-4C42-BC0F-A4884999A661}" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\spotify\spotify.exe |
"{25AEE7E7-F194-487A-A114-EA2DE025A82B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{2776FC94-455F-419E-9D2F-9C9C88E67BD0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{28E7DA43-7E3D-4CEA-9E0A-2AFB21F241F7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{298FEDD6-E3C6-4F81-BC0A-19DD82726605}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{29DC5B91-C5FC-40A1-B228-49C144B87A7D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2E911367-7F6B-4D36-BA9E-D78460C0ED48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{302072CD-A84D-463A-A591-50197F58F0D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{318FFC69-50A9-43D6-8256-7D5AA7D6F553}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3629F76C-D5E3-421D-93BD-BBDBF9510995}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{367EFDFA-3170-4049-8D5F-E14C6D2DC5EB}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{38276159-63A1-4707-A397-A8A21086CDC9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{38485C52-0CAF-4456-AE3E-52BEDD85FFE4}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{3860ABC3-88B8-49CF-9CC9-D7ACF73863D9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{387B3416-3A05-43D2-A13C-6538EB590BEE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{424137FF-60CA-4BDC-98AD-88879C52659C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{426C2D1F-A864-4182-8884-397A0CF610CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{45F70EC5-A4B9-4E14-A5A9-01F6D12373A3}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{460CFC88-BDC8-45F6-B712-82968B926544}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{4643D707-87CC-4CC5-897E-F6F2D3DBD824}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{484248C8-1BDC-46FC-92FA-21E096F887E6}" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\spotify\spotify.exe |
"{487AB397-BFA9-4A3D-ADAC-1FE9EBDD79F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{48A4A64E-EF7F-4947-855D-ECAA844539D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48E204C4-5CB8-4648-9D86-D7E2DE23816D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{49738761-8089-4C31-AEFA-92DE265974F1}" = protocol=6 | dir=out | app=system |
"{49F145FF-6604-4DB8-9CA7-7CCA1AF8E301}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A628A21-9EB8-4598-A511-1195BE8F04F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{4B6F15F8-5A9E-4DF1-90B3-AF086D89F717}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4CF640D5-C048-4F0B-8494-A443CE910592}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{54B4095B-8293-4D22-B752-2C33B2149818}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5937FBB6-6421-4E42-B09F-F3DA6910B96C}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{59F72050-08C5-49EE-8705-F6DA4C2CCCDC}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{5A7D9BC2-87E7-41AA-B5FB-744B20A2AD0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{5C73FD77-DAD8-4F1A-862C-15F279E52728}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5F02655D-A6C4-4501-A7C0-9AD18E319F74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{612D5C67-8C3A-425C-867F-DD314881BF44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62E4E852-DDD7-448F-B66D-D7258A43DD52}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{664FADF4-8779-43DD-A472-D12AE9D8D5D8}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{67E2EFB0-8606-4F7A-B5F3-A891970FDDC0}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{68BF21D5-0AD6-47B5-8EB6-85D649AB4C18}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{69DD1422-99D0-420E-8247-CFD344F33FE6}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{6A06B85D-79A2-4B85-AD75-76982E1D4D30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{6DD15612-48AE-465C-9E13-AFEB6ED80F02}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{7011DE1B-84D5-421C-A3B7-6B73DB517C08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{702724BF-6F92-4FAC-9256-C5BB6550E054}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe |
"{74849629-62DA-478D-9F9D-989BFF4756FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{75ABF870-2392-4F19-9201-F0D025FAD0EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{75BAD288-17D2-42D0-B9C1-A68559BD8F4B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7675C4CF-B82C-4266-A067-74B3AEA847C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{77475FB7-DB6C-4DE6-A909-4DAAC8F87F5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{77867A34-4C99-472F-93E8-CF6C2163C8BE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{7C42D1E6-3978-44AA-9AE4-69FE988F592D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E6E76CB-C87F-4F09-8782-029BADA86E04}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{807FC87D-EB9C-4E2E-B4CB-9FA388B3721C}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{80A9B3BE-7E4A-41DC-8326-6E5BA0AF3601}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{82D6CEC3-A3EB-48FB-BE2C-0A93D33EF3A4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{83FEEC7E-1F1F-4DCD-B4AD-9BF5FB6FB5AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{8686BAF0-F9C3-453A-963D-EF5F0C849F66}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8DDE958A-18A5-4ED6-9B08-970958B74CE4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{949762D7-55B0-491F-8D99-3C2D1BF47C17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{9623856C-8910-40D2-8DE5-107D8DCC2D53}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{99EC3A50-872B-4467-833E-9167DB75E09D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{99ED7FE2-CA6B-4183-9118-274F09ACAACB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{99F00C7E-491F-4146-B1BC-B4E6FB236B12}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9BD3E2AE-0129-49DD-AB96-B134D4DBF591}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{9C503440-D5EE-4942-A5FE-E5B7278BB2B8}" = protocol=17 | dir=in | app=c:\users\marc\appdata\local\apps\2.0\64r75qtg.x91\x4qepoa4.dgn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{9DA71019-6D03-4BDB-B672-6C4CC6A4BCAB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A0CAB2D1-DD00-4D23-85FE-A754751350F1}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{A5371EC4-C4AA-41ED-A532-F304468C8ED1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A63FDC53-EBBC-4074-8FB9-3F59E95245F4}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{A6CBAC62-E36C-4A73-8F1C-15B42E8E9B88}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AC57DADE-4DB6-4DAE-9D68-8FCA6C07F175}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{AD24924C-6713-405B-83D5-AA8DDFDEE299}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{AF45D6CD-7656-47C4-A36E-BA4B2BED487D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF4A2D48-6111-4EDF-9ECE-1C7964886E40}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{B1EF0058-E15B-48D9-9502-C19534615575}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B280DC4D-1B20-41B7-AEBE-8B9062FA21EF}" = dir=in | app=c:\brickforce\bflauncher.exe |
"{B3FE4023-1838-486E-A57F-5157547E7401}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{B4218A61-B1BF-41B9-AFC0-23953313DCF2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{B8462049-6F59-457A-9FE0-B087275F8942}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{B8663F1E-10DC-4650-A522-C6552E3C32BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{B9128D40-C6F3-433B-B597-8EAC95C65F75}" = dir=in | app=c:\brickforce\brickforce.exe |
"{BBAEB3F7-72AB-4E01-95A0-52C25F1B1EF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{BC6301D1-C139-4714-9797-466C9112ADF8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{BD55CEE6-E7A4-4F4F-B309-C2ED23D85FDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{C060E0AC-CB77-4F04-842E-76C8CDEF2402}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C35D9314-69E1-4A05-8763-1AC9A6C3BB08}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{C539CB6C-DAE0-499B-AC06-A36344C90196}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{C5414E6D-60D4-43E7-B50C-D38606B1FF04}" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\spotify\spotify.exe |
"{C5F24B8A-AC2D-4064-BBDF-13D7604ED95F}" = protocol=17 | dir=in | app=c:\users\marc\appdata\local\apps\2.0\64r75qtg.x91\x4qepoa4.dgn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{C710F714-7979-4880-BADE-516500E6AD0A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C76671D6-5D68-423B-BA76-73DD23ED4338}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{C7CF0494-BEE5-4EAC-AE7D-CFD49B0DA0F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{C94A4993-C7E6-4672-B214-3164E2A22278}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{CBDA04DF-BC50-4457-BCDB-C3DE953B2BA9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CC3F503E-7C26-485B-B194-496E78C9AEE3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{CDDB83A5-2674-4788-8173-D548978C801D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{CEE37202-3E67-44E0-B609-A7F963C75E50}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{CF1F3D4C-ED5F-4051-AE83-76906AC2C2AD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{CFEEEC9F-D7D1-47DA-9D81-23DB3011A649}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{D0D5B886-07AE-474E-9AFA-6BD5D2248E5A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{D39C0B49-7B70-45BB-B695-C0AF0F628643}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{D3CC33CD-0488-4586-A1AC-1E3CC63825B5}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe |
"{D4769CCB-4EF0-487A-A60A-77F2138B3392}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{D4A84826-5CBD-42B0-BAA7-F3E54E15A76B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{D749B5DF-A620-4947-8447-7353F471DFF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{DD4786D4-C0A2-4515-9187-BA72C08B3046}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E3EFC150-F8A1-4A8F-8849-FC8A594B1A49}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{E4A37594-6DD3-4F5B-A2DC-E36B41742096}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E51A99DC-879D-47CA-9E0D-5971ED5BEB90}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{EA1C2E6E-A2CA-40D8-AD95-66508A1CC038}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{EA9B102D-A27E-4734-BBD3-3C3743EF00EB}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{EAF87BDC-2952-4F8C-A899-35DE8E34BD20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{ED95F995-C8CB-4164-BF06-1C22F34B176B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2201905-61C9-4A0B-BA1B-1FDEDF2711FF}" = protocol=6 | dir=in | app=c:\users\marc\appdata\local\apps\2.0\64r75qtg.x91\x4qepoa4.dgn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{F22C15AF-4606-482F-AC64-FBC935DB28D6}" = protocol=6 | dir=in | app=c:\users\marc\appdata\local\apps\2.0\64r75qtg.x91\x4qepoa4.dgn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{F5ADE96A-A174-4204-A1A7-4B48900DD2B7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{F942804B-DDA7-4981-8C76-F778775ABE1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA725177-E21E-4828-A5C5-37B45D739320}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FB34EF21-D0BF-4978-AC4A-547C61384A7F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{FB7AEAEA-23D6-4B4D-B556-457A3E50D216}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FE0F9352-8F34-4186-9097-86F9A8E31F11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF49EFCE-AFD0-49AF-AB05-1615C24C490C}" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\spotify\spotify.exe |
"TCP Query User{63D1D57D-1331-4A8D-8AA2-069062562978}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"UDP Query User{182D8677-6787-44B2-A2D4-46163A58EEEF}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7578548C-6F40-4CBE-B5CF-9310E66557FA}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-Bit
"{95140000-007D-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{05C67443-7324-4C23-8BF5-C0808E4487A1}" = CMA Coach 6 Studio MV Student (Deutsch)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{2E2BB852-8054-4E05-A05B-486262AF3147}" = Impulse Physik Oberstufe
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.02
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = Catalyst Control Center
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018202}" = DiRT 3
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{434D0FA1-A4CC-401A-9E74-621000028101}" = F1 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DF4CAB9-B628-4924-AD9A-1C457DD2960A}" = VirtualDJ Home FREE
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.1.0
"{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD App-Center
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{880CCD78-5657-459E-B3DC-298F3B585F9B}_is1" = 0.5.0
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}" = FLV-Media-Player
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"1ClickDownload" = 1ClickDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Avira AntiVir Desktop" = Avira Internet Security 2012
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"Brick-Force" = Brick-Force 1.9.87
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Company of Heroes" = Company of Heroes
"dcmsvc_is1" = dcmsvc 1.0
"Diablo III" = Diablo III
"DynaGeo_is1" = DynaGeo 3.6c
"Eastern Front" = Eastern Front
"ecobutton_is1" = ecobutton
"ESN Sonar-0.70.4" = ESN Sonar
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube Download_is1" = Free YouTube Download version 2.10.36.517
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"Game Booster_is1" = Game Booster 3
"Garena Classic 2011" = Garena Classic 2011
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"HyperCam 3" = HyperCam 3
"InstallShield_{05C67443-7324-4C23-8BF5-C0808E4487A1}" = CMA Coach 6 Studio MV Student (Deutsch)
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"IsoBuster_is1" = IsoBuster 2.8.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Little Fighter 2" = Little Fighter 2 version 2.0a
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 107100" = Bastion
"Steam App 17080" = Tribes: Ascend
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 209830" = Lone Survivor
"Steam App 24200" = DC Universe Online
"Steam App 26800" = Braid
"Steam App 33460" = From Dust
"Steam App 3830" = Psychonauts
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 65800" = Dungeon Defenders
"Steam App 8190" = Just Cause 2
"SysInfo" = Creative Systeminformationen
"TeamViewer 7" = TeamViewer 7
"TmNationsForever_is1" = TmNationsForever
"Trusted Software Assistant_is1" = File Type Assistant
"UltraISO_is1" = UltraISO Premium V9.52
"Uninstall_is1" = Uninstall 1.0.0.1
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2012 15:46:02 | Computer Name = Marc-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17
 
Error - 20.05.2012 15:46:02 | Computer Name = Marc-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18
 
Error - 20.05.2012 15:46:02 | Computer Name = Marc-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19
 
Error - 20.05.2012 15:46:02 | Computer Name = Marc-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20
 
Error - 20.05.2012 15:46:02 | Computer Name = Marc-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21
 
Error - 20.05.2012 15:46:02 | Computer Name = Marc-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22
 
Error - 20.05.2012 15:46:02 | Computer Name = Marc-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23
 
Error - 20.05.2012 15:46:02 | Computer Name = Marc-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24
 
Error - 21.05.2012 06:01:40 | Computer Name = Marc-PC | Source = Application Hang | ID = 1002
Description = Programm spotify.exe, Version 0.8.3.222 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f64    Startzeit:
01cd3736c083ed5a    Endzeit: 9    Anwendungspfad: C:\Users\Marc\AppData\Roaming\Spotify\spotify.exe

Berichts-ID:
 
 
Error - 21.05.2012 11:12:23 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe"
 in Zeile 1.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
[ System Events ]
Error - 04.08.2012 07:51:52 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 07:51:57 | Computer Name = Marc-PC | Source = DCOM | ID = 10005
Description =
 
Error - 04.08.2012 07:51:57 | Computer Name = Marc-PC | Source = DCOM | ID = 10005
Description =
 
Error - 04.08.2012 07:51:58 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 07:51:59 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 07:51:59 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 07:51:59 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 07:51:59 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 07:51:59 | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 04.08.2012 07:52:21 | Computer Name = Marc-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
--- --- ---


:dankeschoen:

t'john 04.08.2012 14:49
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..\SearchScopes\Plasmoo: "URL" = http://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "http://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.t-online.de/"
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Ahrugii] C:\Users\Marc\AppData\Roaming\Xokyo\gucer.exe File not found
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [StructuredQuery] C:\Users\Marc\AppData\Local\Microsoft\Windows\3273\StructuredQuery.exe ()
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Wiexavk] C:\Users\Marc\AppData\Roaming\Lityo\yqsyd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\Shell - "" = AutoRun
O33 - MountPoints2\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\Shell\AutoRun\command - "" = F:\pushinst.exe

[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]


[2012.07.18 12:14:27 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\hellomoto
[
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

MarcS 04.08.2012 16:08
Hier die Datei:

[Spoiler]All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "Plasmoo" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.t-online.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dcmsvc deleted successfully.
C:\Program Files (x86)\dcmsvc\dcmsvc.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ahrugii deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Run\\StructuredQuery deleted successfully.
C:\Users\Marc\AppData\Local\Microsoft\Windows\3273\StructuredQuery.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wiexavk deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\ not found.
File F:\pushinst.exe not found.
C:\Windows\SysWow64\tmp53F0.tmp deleted successfully.
C:\Windows\SysWow64\tmp5410.tmp deleted successfully.
C:\Windows\SysWow64\tmpF5C6.tmp deleted successfully.
C:\Windows\SysWow64\tmpF605.tmp deleted successfully.
C:\Windows\SysWow64\tmpF920.tmp deleted successfully.
C:\Windows\SysWow64\tmpF95F.tmp deleted successfully.
C:\Users\Marc\AppData\Roaming\hellomoto folder moved successfully.
File not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Marc\Desktop\cmd.bat deleted successfully.
C:\Users\Marc\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ****
->Temp folder emptied: 12491805981 bytes
->Temporary Internet Files folder emptied: 290444756 bytes
->Java cache emptied: 15336059 bytes
->FireFox cache emptied: 586017063 bytes
->Flash cache emptied: 65979 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 400894300 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 1113 bytes

Total Files Cleaned = 13.146,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: ****
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 08042012_164401[/spoiler]

lg
MarcS

t'john 04.08.2012 16:25
Sehr gut! :daumenhoc



1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

MarcS 04.08.2012 19:06
Hi,

Habe beide Schritte ausgeführt...

OTL Logfile:
Code:
OTL logfile created on: 04.08.2012 13:54:28 - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = F:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 80,70% Memory free
6,00 Gb Paging File | 5,44 Gb Available in Paging File | 90,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,16 Gb Total Space | 15,89 Gb Free Space | 2,66% Space Free | Partition Type: NTFS
Drive F: | 247,21 Mb Total Space | 187,68 Mb Free Space | 75,92% Space Free | Partition Type: FAT
 
Computer Name: MARC-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (XENfiltv) -- C:\Windows\SysNative\drivers\XENfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://battlelog.battlefield.com/bf3/
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 4C 83 9B 25 0F CC 01  [binary data]
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D249FD00-4DF9-11D9-9FDC-0080481ADA61}:1.5
FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D
FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012.03.15 21:37:23 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 22:20:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.05.07 14:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions
[2012.07.29 20:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.07.29 20:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions
[2012.07.09 16:22:23 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.07.04 18:26:28 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2011.12.30 17:17:14 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011.05.07 14:08:44 | 000,000,000 | ---D | M] (Faark's Grepolis Bericht 2 Image - Exporter) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09}
[2012.05.17 15:41:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.05.28 14:35:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.20 11:38:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.05.07 14:08:44 | 000,000,000 | ---D | M] (Auto Shutdown) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\amin.eft_Shutdown@gmail.com
[2012.07.04 18:26:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\battlefieldheroespatcher@ea.com
[2012.05.17 15:41:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\ich@maltegoetz.de
[2011.05.07 14:08:44 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\max@subfighter.com
[2012.07.29 20:19:07 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\OneClickDownload@OneClickDownload.com
[2012.03.15 21:37:58 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\plugin@yontoo.com
[2011.05.07 14:08:44 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\vmm05lfr.default\extensions\vshare@toolbar
[2012.06.29 10:51:13 | 000,000,853 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\11-suche.xml
[2011.03.15 13:22:18 | 000,000,923 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\conduit.xml
[2012.06.29 10:51:13 | 000,002,209 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 10:51:13 | 000,010,506 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\gmx-suche.xml
[2012.06.29 10:51:13 | 000,002,368 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\lastminute.xml
[2012.06.29 10:51:13 | 000,005,489 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\webde-suche.xml
[2012.03.16 00:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.07 13:02:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.11 19:30:32 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2011.07.13 01:03:41 | 000,065,236 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.XPI
[2011.10.29 23:40:30 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.07.21 23:55:51 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.02.11 22:59:59 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.05.20 18:24:36 | 000,048,903 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.XPI
[2012.03.29 17:43:48 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.05.03 23:08:41 | 000,105,386 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
[2012.02.14 19:53:30 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2011.10.19 01:08:29 | 000,174,405 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI
[2012.04.26 19:51:57 | 000,003,284 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\NOGROOVESHARKADS@TOBBI.TK.XPI
[2011.03.13 23:11:49 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.07.27 15:45:14 | 000,324,456 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2011.06.21 14:54:45 | 000,040,924 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\SPARWELTGUTSCHEINE@SPARWELT.DE.XPI
[2012.06.29 10:50:36 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMM05LFR.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.20 22:20:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.20 22:20:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.20 22:20:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.20 22:20:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.20 22:20:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 22:20:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 22:20:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Ahrugii] C:\Users\Marc\AppData\Roaming\Xokyo\gucer.exe File not found
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Spotify] C:\Users\Marc\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Spotify Web Helper] C:\Users\Marc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [StructuredQuery] C:\Users\Marc\AppData\Local\Microsoft\Windows\3273\StructuredQuery.exe ()
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [Wiexavk] C:\Users\Marc\AppData\Roaming\Lityo\yqsyd.exe File not found
O4 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000..\Run: [WLAN Optimizer] C:\Daten\wopt021\WLAN Optimizer.exe (none)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1628005666-4222545832-3221937452-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0CBEEB8-087D-4CC7-9C22-54A8FD55D6CA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\Shell - "" = AutoRun
O33 - MountPoints2\{e5f98a99-a21f-11e0-929b-00040ec3f84d}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.03 19:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.03 19:33:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.03 19:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.03 19:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.03 19:33:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marc\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.03 19:33:15 | 007,196,192 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marc\Desktop\mbam-rules.exe
[2012.08.02 17:19:37 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.29 20:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.07.24 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.24 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.24 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.07.24 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.24 16:29:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.20 14:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.07.18 14:44:21 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.07.18 14:44:21 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.07.18 14:44:19 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.07.18 12:14:27 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\hellomoto
[2012.07.16 01:17:55 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Dust
[2012.07.15 18:11:59 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\CrashRpt
[2012.07.13 14:27:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\SCE
[2012.07.12 03:02:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:02:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:02:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:02:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:02:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:02:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:02:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:02:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:02:14 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:02:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:02:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:02:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 03:02:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 15:11:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 15:11:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 15:11:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 15:11:07 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 15:11:06 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.08 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Xokyo
[2012.07.08 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Ikro
[2012.07.08 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Dyowmy
[2012.07.08 22:59:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Ricaas
[2012.07.08 22:59:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Lityo
[2012.07.08 22:59:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Fozo
[2012.07.07 20:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2012.07.07 20:45:00 | 000,000,000 | ---D | C] -- C:\BrickForce
[2012.07.07 18:58:35 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Square Enix
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.04 13:53:27 | 001,613,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.04 13:53:27 | 000,696,878 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 13:53:27 | 000,652,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 13:53:27 | 000,148,174 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 13:53:27 | 000,121,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 13:46:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 13:46:23 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 13:45:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 13:45:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 23:48:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.03 19:33:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.03 19:32:12 | 007,196,192 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marc\Desktop\mbam-rules.exe
[2012.08.03 19:28:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marc\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.02 20:23:33 | 000,454,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.28 23:22:30 | 000,007,594 | ---- | M] () -- C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
[2012.07.28 00:48:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.28 00:48:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.24 16:33:20 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.20 02:43:14 | 000,000,219 | ---- | M] () -- C:\Users\Marc\Desktop\Left 4 Dead 2.url
[2012.07.17 01:05:00 | 000,000,221 | ---- | M] () -- C:\Users\Marc\Desktop\Red Faction Guerrilla.url
[2012.07.15 01:06:21 | 000,000,221 | ---- | M] () -- C:\Users\Marc\Desktop\From Dust.url
[2012.07.13 19:51:53 | 000,000,219 | ---- | M] () -- C:\Users\Marc\Desktop\Portal 2.url
[2012.07.13 19:51:53 | 000,000,203 | ---- | M] () -- C:\Users\Marc\Desktop\Portal 2 Publishing Tool.url
[2012.07.09 22:00:48 | 000,000,221 | ---- | M] () -- C:\Users\Marc\Desktop\DC Universe Online.url
[2012.07.07 20:45:02 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2012.07.07 18:43:53 | 000,000,700 | ---- | M] () -- C:\Users\Marc\Desktop\Just Cause 2.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.03 19:33:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.24 16:33:20 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.20 14:03:27 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.07.20 02:43:14 | 000,000,219 | ---- | C] () -- C:\Users\Marc\Desktop\Left 4 Dead 2.url
[2012.07.17 01:04:59 | 000,000,221 | ---- | C] () -- C:\Users\Marc\Desktop\Red Faction Guerrilla.url
[2012.07.15 01:06:21 | 000,000,221 | ---- | C] () -- C:\Users\Marc\Desktop\From Dust.url
[2012.07.13 19:51:53 | 000,000,203 | ---- | C] () -- C:\Users\Marc\Desktop\Portal 2 Publishing Tool.url
[2012.07.13 19:51:52 | 000,000,219 | ---- | C] () -- C:\Users\Marc\Desktop\Portal 2.url
[2012.07.09 22:00:48 | 000,000,221 | ---- | C] () -- C:\Users\Marc\Desktop\DC Universe Online.url
[2012.07.07 20:45:02 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2012.07.07 18:43:53 | 000,000,700 | ---- | C] () -- C:\Users\Marc\Desktop\Just Cause 2.lnk
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.05 17:26:08 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.05 17:25:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.06 19:58:04 | 000,004,608 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.26 14:11:54 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.07.26 14:11:54 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.07.02 00:31:57 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.06.25 16:12:14 | 001,590,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.22 15:02:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 20:20:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.07 19:29:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.05.07 13:52:52 | 000,007,594 | ---- | C] () -- C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
[2011.05.07 13:52:52 | 000,000,000 | ---- | C] () -- C:\Users\Marc\AppData\Local\Xzuritu.bin
[2011.05.07 13:52:51 | 000,000,120 | ---- | C] () -- C:\Users\Marc\AppData\Local\Gnovo.dat
[2011.05.07 13:52:51 | 000,000,092 | ---- | C] () -- C:\Users\Marc\AppData\Local\fusioncache.dat
[2011.03.31 08:59:24 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
 
========== LOP Check ==========
 
[2012.04.14 12:06:14 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.minecraft
[2012.04.12 18:24:52 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.techniclauncher
[2011.05.07 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Alliance
[2011.08.20 17:01:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.05.07 14:08:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DAEMON Tools Lite
[2011.05.07 14:08:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.05.07 14:08:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DNA
[2011.05.28 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.18 12:21:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DynaGeo
[2012.07.11 09:39:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dyowmy
[2011.05.07 14:08:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Engelmann Media
[2011.05.07 14:08:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\FarmingSimulator2008
[2012.07.08 23:01:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Fozo
[2011.05.07 14:08:27 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GetRightToGo
[2011.05.30 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\go
[2011.05.07 14:08:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Grand Ages Rome
[2011.05.28 14:47:19 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\gtk-2.0
[2011.05.07 14:08:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\hdbADS
[2012.08.01 20:20:35 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\hellomoto
[2012.08.03 19:15:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ICQ
[2012.07.08 23:01:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ikro
[2011.05.07 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ImgBurn
[2011.05.07 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Imperium Romanum
[2011.08.14 14:30:12 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\klett
[2011.05.07 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Leadertech
[2012.07.10 01:54:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Lityo
[2011.05.17 12:41:08 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LolClient
[2012.05.24 13:14:36 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LolClient2
[2011.05.07 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\MAGIX
[2011.05.07 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\MrJobs
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\OCS
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Opera
[2011.10.26 12:37:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Origin
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PunkBuster
[2012.07.08 22:59:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ricaas
[2011.05.07 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Sierra
[2011.12.06 19:57:52 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Solveig Multimedia
[2012.08.03 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Spotify
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\T-Online
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Talkative IRC
[2012.05.20 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeamViewer
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Teeworlds
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\The Creative Assembly
[2011.09.17 12:31:47 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Tropico 3
[2012.06.15 17:31:09 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TS3Client
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TubeBox
[2011.05.07 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Tunngle
[2012.02.21 17:26:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ubisoft
[2011.05.07 14:08:51 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\UltimateZip
[2012.04.12 18:11:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\uTorrent
[2012.07.07 20:04:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\wargaming.net
[2011.01.01 17:05:31 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Windows Live Writer
[2012.07.13 10:19:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Xokyo
[2012.05.02 17:19:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Und hier der andere Scan:

[Spoiler]
# AdwCleaner v1.800 - Logfile created 08/04/2012 at 20:02:45
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Marc - MARC-PC
# Running from : C:\Users\Marc\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\Conduit
Folder Found : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\extensions\plugin@yontoo.com
Folder Found : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\extensions\vshare@toolbar
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files (x86)\Yontoo
File Found : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\SweetIM
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[x64] Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
[x64] Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[x64] Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
[x64] Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
[x64] Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\prefs.js

Found : user_pref("CT2682599..clientLogIsEnabled", false);
Found : user_pref("CT2682599..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2682599..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2682599.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2682599.CTID", "CT2682599");
Found : user_pref("CT2682599.CurrentServerDate", "15-12-2010");
Found : user_pref("CT2682599.DialogsAlignMode", "LTR");
Found : user_pref("CT2682599.DownloadReferralCookieData", "");
Found : user_pref("CT2682599.FirstServerDate", "15-12-2010");
Found : user_pref("CT2682599.FirstTime", true);
Found : user_pref("CT2682599.FirstTimeFF3", true);
Found : user_pref("CT2682599.FixPageNotFoundErrors", true);
Found : user_pref("CT2682599.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2682599.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2682599.HasUserGlobalKeys", true);
Found : user_pref("CT2682599.Initialize", true);
Found : user_pref("CT2682599.InitializeCommonPrefs", true);
Found : user_pref("CT2682599.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2682599.InstalledDate", "Wed Dec 15 2010 16:03:38 GMT+0100");
Found : user_pref("CT2682599.IsGrouping", false);
Found : user_pref("CT2682599.IsMulticommunity", false);
Found : user_pref("CT2682599.IsOpenThankYouPage", true);
Found : user_pref("CT2682599.IsOpenUninstallPage", true);
Found : user_pref("CT2682599.LanguagePackLastCheckTime", "Wed Dec 15 2010 16:03:38 GMT+0100");
Found : user_pref("CT2682599.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2682599.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2682599.LastLogin_3.2.5.2", "Wed Dec 15 2010 16:03:34 GMT+0100");
Found : user_pref("CT2682599.LatestVersion", "3.2.5.2");
Found : user_pref("CT2682599.Locale", "de");
Found : user_pref("CT2682599.MCDetectTooltipHeight", "83");
Found : user_pref("CT2682599.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2682599.MCDetectTooltipWidth", "295");
Found : user_pref("CT2682599.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2682599.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT268[...]
Found : user_pref("CT2682599.SearchInNewTabEnabled", true);
Found : user_pref("CT2682599.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2682599.SearchInNewTabLastCheckTime", "Wed Dec 15 2010 16:03:34 GMT+0100");
Found : user_pref("CT2682599.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2682599.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2682599.ServiceMapLastCheckTime", "Wed Dec 15 2010 16:03:28 GMT+0100");
Found : user_pref("CT2682599.SettingsLastCheckTime", "Wed Dec 15 2010 18:11:47 GMT+0100");
Found : user_pref("CT2682599.SettingsLastUpdate", "1291140738");
Found : user_pref("CT2682599.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2682599.ThirdPartyComponentsLastCheck", "Wed Dec 15 2010 16:03:28 GMT+0100");
Found : user_pref("CT2682599.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2682599.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2682599.UserID", "UN84979086033671267");
Found : user_pref("CT2682599.ValidationData_Toolbar", 2);
Found : user_pref("CT2682599.alertChannelId", "1075026");
Found : user_pref("CT2682599.backendstorage.activetoolbar", "77657374");
Found : user_pref("CT2682599.backendstorage.toolbar_market", "6465");
Found : user_pref("CT2682599.backendstorage.toolbarurl", "687474703A2F2F746F6F6C6261722E696E6E6F67616D65732E[...]
Found : user_pref("CT2682599.myStuffEnabled", true);
Found : user_pref("CT2682599.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2682599.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2682599.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2682599.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2682599.testingCtid", "");
Found : user_pref("CT2682599.toolbarAppMetaDataLastCheckTime", "Wed Dec 15 2010 16:03:34 GMT+0100");
Found : user_pref("CT2682599.toolbarContextMenuLastCheckTime", "Wed Dec 15 2010 16:03:39 GMT+0100");
Found : user_pref("CT2682599.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1075026/1070730/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2682599", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63427934310393[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2682599/CT2682599[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashi[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2682599");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2682599");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 03 2011 16:09:12 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", true);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Dec 15 2010 18:11:47 GMT+0100");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 03 2011 16:05:05 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "9ffb32b9-8edd-4b98-82c7-0489c7c3acf0");
Found : user_pref("CommunityToolbar.globalUserId", "57299590-9000-43ad-ab89-ad3fc7179cf7");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Found : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Found : user_pref("extensions.vshare@toolbar.install-event-fired", true);
Found : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "InnoGames Customized Web Search"[...]
Found : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?c[...]
Found : user_pref("vshare.install.date", "1288483200000");
Found : user_pref("vshare.install.finished", "1.0.0");
Found : user_pref("vshare.install.guid", "{f607aace-34dd-4fc4-b8f9-e1b3d19c7d6d}");
Found : user_pref("vshare.install.isHidden", true);
Found : user_pref("vshare.install.laststatreq", "1299801600000");
Found : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[R1].txt - [33853 octets] - [04/08/2012 20:02:45]

########## EOF - C:\AdwCleaner[R1].txt - [33982 octets] ##########
[/spoiler]

Vielen Dank bis hierhin! :dankeschoen::dankeschoen::dankeschoen:

lg
MarcS

t'john 04.08.2012 20:21
Wo ist das Log von Malwarebytes?

MarcS 04.08.2012 20:27
Oh ich hatte ausversehen den Log von OTL gepostet :stirn:

Hier der von Malwarebytes

[Spoiler]Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marc :: MARC-PC [Administrator]

Schutz: Aktiviert

04.08.2012 17:27:23
mbam-log-2012-08-04 (17-27-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 665921
Laufzeit: 2 Stunde(n), 29 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)[/spoiler]

lg
MarcS

t'john 05.08.2012 01:29
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

MarcS 05.08.2012 19:13
Haloo,

Hier der Bericht vom 1. Schritt...das 2. Program bin ich noch am herunterladen, folgt aber später noch

[Spoiler]
# AdwCleaner v1.800 - Logfile created 08/05/2012 at 19:58:08
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Marc - MARC-PC
# Running from : C:\Users\Marc\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\Conduit
Folder Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\extensions\vshare@toolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Yontoo
File Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\SweetIM
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\prefs.js

C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\vmm05lfr.default\user.js ... Deleted !

Deleted : user_pref("CT2682599..clientLogIsEnabled", false);
Deleted : user_pref("CT2682599..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2682599..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2682599.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2682599.CTID", "CT2682599");
Deleted : user_pref("CT2682599.CurrentServerDate", "15-12-2010");
Deleted : user_pref("CT2682599.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2682599.DownloadReferralCookieData", "");
Deleted : user_pref("CT2682599.FirstServerDate", "15-12-2010");
Deleted : user_pref("CT2682599.FirstTime", true);
Deleted : user_pref("CT2682599.FirstTimeFF3", true);
Deleted : user_pref("CT2682599.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2682599.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2682599.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2682599.HasUserGlobalKeys", true);
Deleted : user_pref("CT2682599.Initialize", true);
Deleted : user_pref("CT2682599.InitializeCommonPrefs", true);
Deleted : user_pref("CT2682599.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2682599.InstalledDate", "Wed Dec 15 2010 16:03:38 GMT+0100");
Deleted : user_pref("CT2682599.IsGrouping", false);
Deleted : user_pref("CT2682599.IsMulticommunity", false);
Deleted : user_pref("CT2682599.IsOpenThankYouPage", true);
Deleted : user_pref("CT2682599.IsOpenUninstallPage", true);
Deleted : user_pref("CT2682599.LanguagePackLastCheckTime", "Wed Dec 15 2010 16:03:38 GMT+0100");
Deleted : user_pref("CT2682599.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2682599.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2682599.LastLogin_3.2.5.2", "Wed Dec 15 2010 16:03:34 GMT+0100");
Deleted : user_pref("CT2682599.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2682599.Locale", "de");
Deleted : user_pref("CT2682599.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2682599.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2682599.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2682599.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2682599.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT268[...]
Deleted : user_pref("CT2682599.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2682599.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2682599.SearchInNewTabLastCheckTime", "Wed Dec 15 2010 16:03:34 GMT+0100");
Deleted : user_pref("CT2682599.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2682599.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2682599.ServiceMapLastCheckTime", "Wed Dec 15 2010 16:03:28 GMT+0100");
Deleted : user_pref("CT2682599.SettingsLastCheckTime", "Wed Dec 15 2010 18:11:47 GMT+0100");
Deleted : user_pref("CT2682599.SettingsLastUpdate", "1291140738");
Deleted : user_pref("CT2682599.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2682599.ThirdPartyComponentsLastCheck", "Wed Dec 15 2010 16:03:28 GMT+0100");
Deleted : user_pref("CT2682599.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2682599.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2682599.UserID", "UN84979086033671267");
Deleted : user_pref("CT2682599.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2682599.alertChannelId", "1075026");
Deleted : user_pref("CT2682599.backendstorage.activetoolbar", "77657374");
Deleted : user_pref("CT2682599.backendstorage.toolbar_market", "6465");
Deleted : user_pref("CT2682599.backendstorage.toolbarurl", "687474703A2F2F746F6F6C6261722E696E6E6F67616D65732E[...]
Deleted : user_pref("CT2682599.myStuffEnabled", true);
Deleted : user_pref("CT2682599.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2682599.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2682599.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2682599.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2682599.testingCtid", "");
Deleted : user_pref("CT2682599.toolbarAppMetaDataLastCheckTime", "Wed Dec 15 2010 16:03:34 GMT+0100");
Deleted : user_pref("CT2682599.toolbarContextMenuLastCheckTime", "Wed Dec 15 2010 16:03:39 GMT+0100");
Deleted : user_pref("CT2682599.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1075026/1070730/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2682599", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63427934310393[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2682599/CT2682599[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashi[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2682599");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2682599");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 03 2011 16:09:12 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Dec 15 2010 18:11:47 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 03 2011 16:05:05 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "9ffb32b9-8edd-4b98-82c7-0489c7c3acf0");
Deleted : user_pref("CommunityToolbar.globalUserId", "57299590-9000-43ad-ab89-ad3fc7179cf7");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("extensions.vshare@toolbar.install-event-fired", true);
Deleted : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "InnoGames Customized Web Search"[...]
Deleted : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?c[...]
Deleted : user_pref("vshare.install.date", "1288483200000");
Deleted : user_pref("vshare.install.finished", "1.0.0");
Deleted : user_pref("vshare.install.guid", "{f607aace-34dd-4fc4-b8f9-e1b3d19c7d6d}");
Deleted : user_pref("vshare.install.isHidden", true);
Deleted : user_pref("vshare.install.laststatreq", "1299801600000");
Deleted : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[R1].txt - [33752 octets] - [04/08/2012 20:02:45]
AdwCleaner[S1].txt - [30654 octets] - [05/08/2012 19:58:08]

########## EOF - C:\AdwCleaner[S1].txt - [30783 octets] ##########
[/spoiler]

lg
MarcS

t'john 05.08.2012 20:19
Emsisoft Log?

MarcS 06.08.2012 22:56
Hallo,

hier der 2. Scan...hat sehr lange gedauert weshalb ich den Scan gestern abgebrochen hatte

[Spoiler]
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 06.08.2012 17:20:43

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 06.08.2012 17:20:54

C:\Daten\USB-Stick\Programme\CryptLoad_1.1.8.rar -> router\FRITZ!Box\nc.exe gefunden: not-a-virus:RemoteAdmin.Win32.NetCat!E2
C:\Daten\TeknoGods_Beta16\teknohelper.exe gefunden: Trojan.Agent!E1
C:\Daten\TeknoGods_Beta16\DLLLoad.exe gefunden: Trojan.Win32.Generic!E1

Gescannt 920994
Gefunden 3

Scan Ende: 06.08.2012 23:37:32
Scan Zeit: 6:16:38

C:\Daten\TeknoGods_Beta16\DLLLoad.exe Quarantäne Trojan.Win32.Generic!E1
C:\Daten\TeknoGods_Beta16\teknohelper.exe Quarantäne Trojan.Agent!E1
C:\Daten\USB-Stick\Programme\CryptLoad_1.1.8.rar -> router\FRITZ!Box\nc.exe Quarantäne not-a-virus:RemoteAdmin.Win32.NetCat!E2

Quarantäne 3
[/spoiler]

lg
MarcS

t'john 07.08.2012 13:29
Sehr gut! :daumenhoc



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:59 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55