Trojaner-Board - tbhcn.exe

vom malewarebytes Anti-Maleware

Code:

Schutz: Aktiviert
 

28.10.2012 18:28:18

mbam-log-2012-10-28 (18-28-18).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 397840

Laufzeit: 1 Stunde(n), 20 Minute(n), 11 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

er hat nix gefunden obwohl die tbhcn.exe immer noch als prozess läuft

das is die OTL.txt

Code:

OTL logfile created on: 28.10.2012 20:02:21 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop

 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,34% Memory free

6,00 Gb Paging File | 4,42 Gb Available in Paging File | 73,65% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 698,54 Gb Total Space | 364,26 Gb Free Space | 52,15% Space Free | Partition Type: NTFS

 

Computer Name: *** | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\KontoX\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()

PRC - C:\Programme\Opera\opera.exe (Opera Software)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Users\KontoX\AppData\Roaming\BrowserCompanion\tbhcn.exe ()

PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)

PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()

PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)

PRC - C:\Programme\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)

PRC - C:\Programme\T-Home\Dialerschutz-Software\DFInject.exe (T-Systems International GmbH)

PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)

PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Programme\Logitech\QuickCam10\QuickCam10.exe ()

PRC - C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe (Logitech Inc.)

PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)

PRC - C:\Windows\System32\PAStiSvc.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll ()

MOD - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()

MOD - C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()

MOD - C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\bwfiles.dll ()

MOD - C:\Programme\Opera\gstreamer\gstreamer.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll ()

MOD - C:\Programme\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()

MOD - C:\Programme\Opera\mapi\OperaMAPI.dll ()

MOD - C:\Users\KontoX\AppData\Roaming\BrowserCompanion\tbhcn.exe ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Programme\Logitech\QuickCam10\LAppRes.DLL ()

MOD - C:\Programme\Logitech\QuickCam10\QuickCam10.exe ()

MOD - C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (KMService) -- C:\Windows\System32\srvany.exe ()

SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()

SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)

SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)

SRV - (DFSVC) -- C:\Programme\T-Home\Dialerschutz-Software\DFInject.exe (T-Systems International GmbH)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)

SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe (SiSoftware)

SRV - (LVSrvLauncher) -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)

SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)

SRV - (STI Simulator) -- C:\Windows\System32\PAStiSvc.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found

DRV - (eamonm) -- system32\DRIVERS\eamonm.sys File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)

DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)

DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV - (SipIMNDI) -- C:\Windows\System32\drivers\SipIMNDI.sys (T-Systems International GmbH)

DRV - (DFSYS) -- C:\Programme\T-Home\Dialerschutz-Software\DFSYS.sys (T-Systems International GmbH)

DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x86\sandra.sys (SiSoftware)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)

DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()

DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (PAC7311) -- C:\Windows\System32\drivers\PA707UCM.SYS (PixArt Imaging Inc.)

DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys ()

DRV - (LVBulk) -- C:\Windows\System32\drivers\LVBULK.sys (Logitech Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2189224

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 C9 EF 79 E2 38 CC 01  [binary data]

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\URLSearchHook: {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110808&tt=3612_7&babsrc=SP_ss&mntrId=4c54db910000000000000024217894fc

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\SearchScopes\{20414528-0F82-4D85-9384-2E95DD8BB508}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=5e9208e5-f4b9-45db-a835-d8cd1977eb56&apn_sauid=AEC14EEF-705C-4D71-848B-1B14A3F1AABB

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2189224

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQGkmegtv&i=26

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.startup.homepage: "https://www.google.de/"

FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.474

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687

FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5

FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100015

FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=5e9208e5-f4b9-45db-a835-d8cd1977eb56&apn_ptnrs=^ABT&apn_sauid=AEC14EEF-705C-4D71-848B-1B14A3F1AABB&apn_dtid=^YYYYYY^YY^DE&&q="

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.03 17:21:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.12 12:56:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 00:21:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.03 17:21:46 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 00:21:24 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2012.06.11 22:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\Extensions

[2012.10.24 21:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\Firefox\Profiles\8pcfgyqa.default\extensions

[2012.08.25 18:15:27 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\KontoX\AppData\Roaming\mozilla\Firefox\Profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com

[2012.08.24 15:09:10 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\KontoX\AppData\Roaming\mozilla\Firefox\Profiles\8pcfgyqa.default\extensions\toolbar@ask.com

[2012.10.24 21:12:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire

[2012.09.02 23:18:08 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire

[2012.09.08 17:19:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire

[2012.10.27 15:19:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire

[2012.10.27 15:19:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire

[2012.10.27 15:19:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire

[2012.08.28 13:18:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire

[2012.10.24 21:12:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire

[2012.10.19 22:14:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire

[2012.09.04 08:52:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire

[2012.10.27 15:37:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire

[2012.09.04 19:48:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire

[2012.10.27 15:19:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire

[2012.10.27 15:19:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire

[2012.10.27 15:19:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire

[2012.09.19 01:28:37 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire

[2012.08.27 19:52:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b5bc7084382de95cb69790e5d10db338_expire

[2012.10.27 15:19:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire

[2012.10.27 15:20:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire

[2012.10.27 15:19:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire

[2012.08.26 18:56:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6b_expire

[2012.09.19 01:28:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire

[2012.08.25 18:15:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire

[2012.10.27 15:19:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire

[2012.10.19 22:14:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire

[2012.10.27 15:20:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire

[2012.10.24 21:12:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire

[2012.10.24 21:12:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire

[2012.10.27 15:17:57 | 000,002,413 | ---- | M] () -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\searchplugins\askcom.xml

[2012.08.12 12:56:33 | 000,002,203 | ---- | M] () -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\searchplugins\MyStart Search.xml

[2012.08.25 18:15:27 | 000,002,792 | ---- | M] () -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\searchplugins\Plusnetwork.xml

[2012.08.14 15:14:51 | 000,003,998 | ---- | M] () -- C:\Users\KontoX\AppData\Roaming\mozilla\firefox\profiles\8pcfgyqa.default\searchplugins\sweetim.xml

[2012.09.08 00:21:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.10.03 15:37:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.10.03 15:37:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.08.12 12:56:39 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

[2012.09.08 00:21:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.04 23:22:00 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2012.08.31 23:14:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.07.03 17:59:15 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2012.01.12 17:21:55 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml

[2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.10.06 22:49:12 | 000,000,852 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 74.208.10.249 gs.apple.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()

O4 - HKLM..\Run: [MsmqIntCert] C:\Windows\System32\mqrt.dll (Microsoft Corporation)

O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [QCDriverInstaller] C:\Programme\Common Files\Logitech\QCDriver\Lqdsw.exe (Logitech Inc.)

O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)

O4 - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()

O4 - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000..\Run: [WebCamRT.exe]  File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\KontoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\KontoX\AppData\Roaming\BrowserCompanion\tbhcn.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2186919244-3342199744-2602155374-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A82CEA8B-C49A-4144-8FF1-2117C6B1B5C3}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{5e7d377e-f8e4-11e1-9822-0024217894fc}\Shell - "" = AutoRun

O33 - MountPoints2\{5e7d377e-f8e4-11e1-9822-0024217894fc}\Shell\AutoRun\command - "" = I:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.10.28 01:25:19 | 004,010,544 | ---- | C] (Piriform Ltd) -- C:\Users\KontoX\Desktop\ccsetup324.exe

[2012.10.27 18:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.10.27 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2012.10.27 17:28:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KontoX\Desktop\OTL.exe

[2012.10.27 15:59:24 | 000,000,000 | ---D | C] -- C:\Users\KontoX\AppData\Roaming\Malwarebytes

[2012.10.27 15:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.10.27 15:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.10.27 15:59:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.10.27 15:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.10.27 15:41:02 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\KontoX\Desktop\mbam-setup-1.65.1.1000.exe

[2012.10.26 13:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games

[2012.10.26 13:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient

[2012.10.26 13:45:32 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache

[2012.10.18 02:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks

[2012.10.17 14:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks

[2012.10.09 23:30:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2012.10.09 23:29:44 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

[2012.10.09 23:29:44 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2012.10.09 23:29:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

[2012.10.09 23:29:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2012.10.09 23:29:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

[2012.10.09 23:29:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2012.10.09 23:29:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.10.09 23:29:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2012.10.09 23:29:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

[2012.10.09 23:29:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

[2012.10.09 23:29:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2012.10.09 23:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2012.10.09 23:29:19 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012.10.09 23:29:18 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012.10.07 15:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012.10.07 14:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD

[2012.10.07 14:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT

[2012.10.07 14:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012.10.07 14:57:01 | 000,163,328 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe

[2012.10.07 14:56:58 | 000,404,992 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe

[2012.10.07 01:47:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012.10.06 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\KontoX\.shsh

[2012.10.06 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\KontoX\AppData\Roaming\redsn0w

[2012.10.06 21:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012.10.06 19:28:58 | 000,000,000 | ---D | C] -- C:\Users\KontoX\AppData\Local\libimobiledevice

[2012.10.01 09:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

[2012.10.01 09:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony

[2012.10.01 09:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.10.28 19:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.10.28 19:49:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.10.28 18:58:15 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.10.28 18:58:15 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.10.28 15:02:08 | 000,072,780 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.10.28 15:02:08 | 000,052,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.10.28 15:02:08 | 000,023,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.10.28 15:02:08 | 000,019,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.10.28 14:57:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.10.28 14:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.10.28 14:57:32 | 2415,312,896 | -HS- | M] () -- C:\hiberfil.sys

[2012.10.28 01:31:52 | 004,010,544 | ---- | M] (Piriform Ltd) -- C:\Users\KontoX\Desktop\ccsetup324.exe

[2012.10.27 18:21:14 | 000,013,489 | ---- | M] () -- C:\Users\KontoX\Desktop\OTL.7z

[2012.10.27 18:20:23 | 000,014,117 | ---- | M] () -- C:\Users\KontoX\Desktop\Extras.7z

[2012.10.27 18:03:05 | 001,110,476 | ---- | M] () -- C:\Users\KontoX\Desktop\7z920.exe

[2012.10.27 18:00:07 | 000,000,156 | ---- | M] () -- C:\Users\KontoX\defogger_reenable

[2012.10.27 17:57:02 | 000,050,477 | ---- | M] () -- C:\Users\KontoX\Desktop\Defogger.exe

[2012.10.27 17:28:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KontoX\Desktop\OTL.exe

[2012.10.27 15:59:16 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.10.27 15:58:44 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\KontoX\Desktop\mbam-setup-1.65.1.1000.exe

[2012.10.27 15:56:42 | 000,000,000 | ---- | M] () -- C:\Users\KontoX\Documents\ts3_clientui-win32-1350973218-2012-10-27 16_56_42.674500.dmp

[2012.10.27 15:08:26 | 000,000,742 | ---- | M] () -- C:\Users\KontoX\Documents\aionmemo_646380a2.dat

[2012.10.26 10:43:14 | 000,000,268 | ---- | M] () -- C:\Users\KontoX\Documents\aionmemo_d2749624.dat

[2012.10.17 15:35:10 | 000,037,043 | ---- | M] () -- C:\Users\KontoX\Documents\legi52.xcf

[2012.10.17 15:35:10 | 000,029,066 | ---- | M] () -- C:\Users\KontoX\AppData\Local\recently-used.xbel

[2012.10.17 15:16:39 | 000,024,177 | ---- | M] () -- C:\Users\KontoX\Documents\legi.xcf

[2012.10.14 19:26:40 | 000,326,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.10.09 14:59:04 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.10.09 14:59:04 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.10.06 22:49:12 | 000,000,852 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella

[2012.10.06 22:49:12 | 000,000,852 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012.10.03 21:03:34 | 000,000,014 | ---- | M] () -- C:\end

[2012.10.02 19:54:07 | 000,196,652 | ---- | M] () -- C:\Users\KontoX\Documents\emblem.tga

[2012.10.02 19:40:51 | 000,013,312 | -H-- | M] () -- C:\Users\KontoX\Desktop\photothumb.db

[2012.10.02 19:24:47 | 000,184,717 | ---- | M] () -- C:\Users\KontoX\Documents\Unbenannt.xcf

[2012.09.29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.10.27 18:21:14 | 000,013,489 | ---- | C] () -- C:\Users\KontoX\Desktop\OTL.7z

[2012.10.27 18:20:23 | 000,014,117 | ---- | C] () -- C:\Users\KontoX\Desktop\Extras.7z

[2012.10.27 18:01:20 | 001,110,476 | ---- | C] () -- C:\Users\KontoX\Desktop\7z920.exe

[2012.10.27 18:00:06 | 000,000,156 | ---- | C] () -- C:\Users\KontoX\defogger_reenable

[2012.10.27 17:57:01 | 000,050,477 | ---- | C] () -- C:\Users\KontoX\Desktop\Defogger.exe

[2012.10.27 15:59:16 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.10.27 15:56:42 | 000,000,000 | ---- | C] () -- C:\Users\KontoX\Documents\ts3_clientui-win32-1350973218-2012-10-27 16_56_42.674500.dmp

[2012.10.26 13:47:18 | 000,001,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk

[2012.10.26 13:47:18 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk

[2012.10.20 12:55:23 | 000,000,268 | ---- | C] () -- C:\Users\KontoX\Documents\aionmemo_d2749624.dat

[2012.10.17 15:35:10 | 000,029,066 | ---- | C] () -- C:\Users\KontoX\AppData\Local\recently-used.xbel

[2012.10.17 15:33:17 | 000,037,043 | ---- | C] () -- C:\Users\KontoX\Documents\legi52.xcf

[2012.10.17 15:16:39 | 000,024,177 | ---- | C] () -- C:\Users\KontoX\Documents\legi.xcf

[2012.10.02 19:54:07 | 000,196,652 | ---- | C] () -- C:\Users\KontoX\Documents\emblem.tga

[2012.10.02 19:04:38 | 000,184,717 | ---- | C] () -- C:\Users\KontoX\Documents\Unbenannt.xcf

[2012.09.25 21:06:47 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI

[2012.09.25 21:04:29 | 000,294,912 | ---- | C] () -- C:\Windows\System32\liplW7.dll

[2012.09.25 21:04:29 | 000,290,816 | ---- | C] () -- C:\Windows\System32\liplA6.dll

[2012.09.25 21:04:29 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplPX.dll

[2012.09.25 21:04:29 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplP6.dll

[2012.09.25 21:04:29 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplM6.dll

[2012.09.25 21:04:29 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lipl.dll

[2012.09.25 21:03:35 | 000,001,360 | ---- | C] () -- C:\Windows\_delis32.ini

[2012.09.25 20:51:49 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe

[2012.09.14 17:07:20 | 000,422,624 | R--- | C] () -- C:\Users\KontoX\CloudConnect-v18-prod-634832428400286000.apk

[2012.09.04 21:29:28 | 000,007,597 | ---- | C] () -- C:\Users\KontoX\AppData\Local\Resmon.ResmonCfg

[2012.09.04 16:29:52 | 017,367,682 | ---- | C] () -- C:\Users\KontoX\UltraStar-0.9.1.exe

[2012.09.01 01:10:55 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe

[2012.08.30 08:54:11 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll

[2012.08.30 08:53:36 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2012.08.30 08:53:19 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2012.08.17 22:37:25 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys

[2012.08.12 16:50:54 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PAStiSvc.exe

[2012.06.11 12:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe

[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll

[2011.12.18 11:29:37 | 011,165,696 | ---- | C] () -- C:\Users\KontoX\AppData\Roaming\Sandra.mdb

[2011.12.07 00:08:10 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.12.06 03:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat

[2011.12.06 03:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat

[2011.11.14 20:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011.08.04 09:44:17 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2011.07.07 09:19:08 | 000,000,000 | ---- | C] () -- C:\Users\KontoX\AppData\Roaming\downloads.m3u

[2011.07.04 10:14:30 | 000,004,596 | ---- | C] () -- C:\Users\KontoX\AppData\Roaming\default.rss

[2011.07.03 17:27:30 | 000,197,376 | ---- | C] () -- C:\Windows\hpwins27.dat.temp

[2011.07.03 17:27:30 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp

[2011.07.03 17:14:57 | 000,196,384 | ---- | C] () -- C:\Windows\hpwins27.dat

[2011.07.03 10:45:58 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini

[2011.07.03 10:15:36 | 000,123,780 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT

[2011.07.03 10:15:36 | 000,001,496 | ---- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat

[2011.07.03 10:15:36 | 000,000,728 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat

[2011.07.03 10:15:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2011.07.03 10:15:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2011.07.03 10:15:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2011.07.03 10:15:36 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2011.07.02 17:54:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010.11.21 01:30:51 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2010.11.21 01:30:51 | 000,072,780 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2010.11.21 01:30:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.11.21 01:30:51 | 000,023,724 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.09.13 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\.minecraft

[2012.09.04 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\Babylon

[2012.10.28 20:17:47 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\BrowserCompanion

[2012.09.07 19:41:19 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\DAEMON Tools Lite

[2012.09.08 17:35:46 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\Deep Shadows

[2012.01.12 17:22:16 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\Jens Lorek

[2011.09.25 21:44:07 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\Leadertech

[2012.08.30 08:55:28 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\MAGIX

[2011.09.03 13:13:09 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\Nitro PDF

[2012.07.10 14:07:59 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\OpenCandy

[2012.09.04 11:56:14 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\OpenOffice.org

[2012.06.12 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\Opera

[2012.10.01 15:49:46 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\PhotoScape

[2012.10.06 21:41:48 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\redsn0w

[2011.10.22 13:48:25 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\Tific

[2012.10.27 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\TS3Client

[2012.08.13 19:26:40 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\ts3overlay

[2011.07.03 17:46:06 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\xVideoServiceThief

[2012.09.08 12:21:30 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\YourFileDownloader

[2011.07.02 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\KontoX\AppData\Roaming\{0f20dcbd-a23b-47a4-84bf-941393081b14}

 
 ========== Purity Check ==========

 

 

 
 ========== Files - Unicode (All) ==========

[2012.08.26 23:01:44 | 003,620,259 | ---- | C] ()(C:\Users\KontoX\Documents\Chris Brown* - Don’t Wake Me Up?!.mp3) -- C:\Users\KontoX\Documents\Chris Brown* - Don’t Wake Me Up热!.mp3

[2012.07.27 18:49:48 | 003,620,259 | ---- | M] ()(C:\Users\KontoX\Documents\Chris Brown* - Don’t Wake Me Up?!.mp3) -- C:\Users\KontoX\Documents\Chris Brown* - Don’t Wake Me Up热!.mp3
 

< End of report >

das is die Extras.txt

Code:

OTL Extras logfile created on: 28.10.2012 20:02:21 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KontoX\Desktop

 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,34% Memory free

6,00 Gb Paging File | 4,42 Gb Available in Paging File | 73,65% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 698,54 Gb Total Space | 364,26 Gb Free Space | 52,15% Space Free | Partition Type: NTFS

 

Computer Name: KONTOX-PC | User Name: KontoX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

 

[HKEY_USERS\S-1-5-21-2186919244-3342199744-2602155374-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{101B7EE3-AD35-4A23-BAB4-1DEEF4691495}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{2EA91E2A-B983-407F-8B97-BCD2AB0D4316}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{2F9F3FC8-6874-4EC3-8ED4-F9E24B319A51}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{36A00987-A1A2-468F-9747-880BEAA7016A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{378ACC0C-D07E-4B25-A8CC-E0A4ACBF15C0}" = rport=445 | protocol=6 | dir=out | app=system | 

"{4423C88D-5E89-4D0A-8C8A-6D0C4DF0DB5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{4F654459-5BF1-4ED2-BACA-88F3068EDAE1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 

"{568527F8-F7D2-4B0F-969C-E39FAB6B9A3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{5B65315C-5E0B-4541-8AA0-B7684200AAAC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{5EE5FD0D-6544-45BF-A838-FBE8F52B0B0E}" = lport=138 | protocol=17 | dir=in | app=system | 

"{6643FD28-A5DC-4C4D-960F-81BD13AC1450}" = lport=137 | protocol=17 | dir=in | app=system | 

"{67503723-21D6-45EA-82A1-DCA104601831}" = rport=139 | protocol=6 | dir=out | app=system | 

"{6EA9CCDD-5F76-48BD-82F6-2D6CD1FF4E3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{72D1A03F-EB69-46C7-B48A-5FF155279154}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{993C7D20-7347-40EE-85D2-0F327E6F5775}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp5\wnt500x86\rpcsandrasrv.exe | 

"{9CC1778D-F6E3-4295-990E-8DE99B25C3B8}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{AEA3A8B6-C559-473F-BE12-F0AFC2DF21BD}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{BB9A7173-A0DD-43BD-80F1-9D495F292124}" = rport=137 | protocol=17 | dir=out | app=system | 

"{BC6DFE24-04CE-4FD3-8DD0-2824B818BB35}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp5\rpcagentsrv.exe | 

"{BCAA990E-9E16-4848-82BF-EB3B4D29E790}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{BE1981E4-C20A-4A72-B310-D3439F73CFD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C0CAC45C-F23A-4110-95F9-955C83FBB52B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{C5EB5EA2-86F2-4466-90A8-3EBFDBD951A2}" = lport=445 | protocol=6 | dir=in | app=system | 

"{CC9FA3C9-0BF2-4B5F-9983-39DB562E1FCE}" = rport=138 | protocol=17 | dir=out | app=system | 

"{CD4C2CFD-C548-4370-A139-CD383AC90CD6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{ED1E6B63-43EF-4010-8633-ED0375098F17}" = lport=139 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05855461-5955-444B-A4F3-060C589D509B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{0B4C31E1-29E7-405D-A848-816E2D550DCF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 

"{0BE61F39-0186-4186-8351-D8B74FE5EE55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{0F269A89-D59D-44D0-9D03-852BD887518D}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 

"{110CC31B-7452-4B26-8A50-E8F1B12DA723}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{19AA42C5-9EF5-4392-9F95-1E43FEDFA29B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 

"{19C7FFC7-E1AF-40E2-ACE2-45B55FEA38F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{1DBF0C3E-DF12-405E-B39C-C004BF12CFA9}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 

"{20224BEF-56E7-4369-BDB4-9188A14A59EC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{28E504EA-CC8E-4005-8FF6-7A8489831407}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{2DDAA32A-ECAD-4982-B68E-E2769AEAAE37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 

"{3329B82D-99CA-4825-B2D2-8A351B5CDFA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 

"{34ED3E21-9548-46F0-899A-9909915B28C9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 

"{40998920-364B-4E11-AE8E-DDB193D6DB74}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 

"{4358B9F0-D202-4C0A-97A6-BEBB6978CC0C}" = protocol=6 | dir=out | app=system | 

"{45C5ED6D-8F06-405A-94E4-288583E653BD}" = protocol=17 | dir=in | app=c:\program files\sony mobile\update service\update service.exe | 

"{473F43CD-56B4-4BCF-985D-E02BBE309595}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 

"{481ACEA2-746A-4BD0-864C-42B9C0C0A51E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 

"{492A5750-922B-4926-966E-A7ABACD7E0C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{4C9562DA-BA7D-4B5F-9D74-0E8D76EC0D73}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 

"{4D874DE2-3242-442B-9A68-E9596BA75217}" = protocol=17 | dir=in | app=c:\users\kontox\appdata\local\microsoft\windows\temporary internet files\content.ie5\px4z8i00\facemoods.exe | 

"{4EA55F23-BAA1-4D57-8B49-8085E44CF052}" = protocol=6 | dir=in | app=c:\users\kontox\appdata\local\microsoft\windows\temporary internet files\content.ie5\px4z8i00\facemoods.exe | 

"{5304AF23-BFA3-4DD3-87A1-D998B5307F69}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 

"{58BEE969-F9A7-4703-A9D2-7414740F1F34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 

"{5C59C3A5-43F5-438D-A31E-A2197CFC6ABB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{5E859127-DA21-43AB-AAD4-F8C9BD1C3C5E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 

"{5F2EBF11-A3F4-4414-AB7D-4923D5245129}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{63770E36-483E-4653-A73E-A65C7C39CE50}" = protocol=6 | dir=in | app=c:\program files\sony mobile\update service\update service.exe | 

"{70F3AAF9-499A-4D25-9B2E-008C97B4CC9C}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 

"{7449D60E-767B-408D-B50A-655DE028CCFE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 

"{747FA12A-8D8F-4495-9011-7A1239C66665}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 

"{7B4F5996-FEEC-464B-9FE7-5BE7A1A55F75}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{7D12DACB-8970-4800-8BB3-E06FD97DA647}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 

"{7D94D210-C2C0-45B8-8E3A-FFF8377C00FE}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 

"{85650FC1-F480-4AB5-99CA-92319C05F79A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 

"{8608E4F5-14E7-4B08-880B-73FBE42BCEF8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{88CCD7D6-C26A-4DBB-B6EE-A4B87DE20152}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{897FFDBB-CD01-4E72-8B77-D44781B3CAF7}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 

"{8B513AB3-3F4A-41DA-B018-636B46B22968}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 

"{8CB9EC19-23BB-4B25-88B4-65DA3408B536}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 

"{96E190CB-EC54-4CD4-B3CA-CDCF0EF71A4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{988CCF2B-5195-4D2F-9969-088161770B08}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{9BCB4DF1-787A-42C8-A98D-B5F6362647B3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 

"{9FE3883A-BB1D-400E-8690-AD8FCAD9A3CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{A2F9863F-1857-4057-A2D2-5EECCE2EBC05}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{A65258C9-0591-4FC3-AACC-244ABE1B9856}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{A95E072C-2BB0-4DCA-B234-D0B51E7816F4}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 

"{AD0C89A2-FC1B-40F6-A6F4-AEC39CFECD35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 

"{B03E40D9-3046-4B47-9114-0FB42092B4ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 

"{B17689E4-FC69-4AB5-8AC9-2F7818EE107D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 

"{B28F7995-91D1-4D96-90C4-9DBE12598C4C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 

"{B6916D61-3C6C-4EFB-928F-7710D0D15051}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 

"{B974367C-8B8C-4AD0-A992-17E7C8A01446}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{C2546F2E-8B30-407D-94C6-3E7F30B28583}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C49D3E91-4465-469A-89A4-8E9B2B513AD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{C547194B-03CF-42F6-9C64-34AC2FA4EFF6}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 

"{C6C2DA58-E4D9-47BA-ACD7-0BD7F00875BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 

"{C8A86701-D7F7-4922-8EF8-4CB75C295A1E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 

"{CC0DC877-94D0-4035-A0A6-F97415636A1F}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 

"{CE9A1DAF-6718-4DE7-B603-7C0D7AD8B2DF}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 

"{DBCBE1F0-75E5-4069-A2EA-C2E9709476ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{E2AD8E48-7230-445A-9701-6F497663296B}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 

"{E9127A11-AEEB-4D75-8DC2-A817850CA781}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 

"{EB529811-AB38-4295-A0F7-50973A33AE19}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{EDC4FCF2-DD32-4D2C-8211-2A6288DF5029}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{F088C07D-895A-43A3-B38B-F08B94450579}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{F2FF2F95-0E5A-4180-9862-2A19467F7096}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 

"{F67CCC48-774B-43D8-B21F-BC9D66D0BA7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 

"{F9A2D06D-1837-42B1-A42B-7FAA5E4C036F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |    

"TCP Query User{4B902666-9BEB-4FD6-9257-8A267D43D288}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 

"TCP Query User{52290474-778B-4453-B6FC-38168DA32F0E}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 

"TCP Query User{9F5922B1-2BC4-40A8-B24C-513249028318}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe |  

"UDP Query User{773CE33B-553F-42E8-BD69-409F8156FC97}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 

"UDP Query User{8B2683D6-5D3A-42FC-9015-6E0CACBA8CC6}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 

"UDP Query User{9985253D-1B8C-44B7-8B90-36940E50770D}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe |  

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help

"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool

"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM

"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights

"{129FC9F8-206B-4C29-9B45-8D53B10EC6C7}" = xVideoServiceThief

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1

"{24C898EC-4181-7812-5644-4E348533B532}" = ccc-utility

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{27CDBA05-80D2-2ABF-3A7B-6A0015C3D219}" = AMD Media Foundation Decoders

"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.474

"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = Catalyst Control Center

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min

"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help

"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter

"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap

"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{56E4AD59-6E73-BB97-08EE-891ABBE7F001}" = AMD Accelerated Video Transcoding

"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio

"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help

"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision

"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help

"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help

"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German

"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed

"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed

"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af

"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr

"{93c31ddf-82e1-4e2b-b444-b723cfb18df1}" = Nero 9

"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express

"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime

"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool

"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AF595A9D-325A-0B86-4BFA-F2D90553A9FC}" = AMD Drag and Drop Transcoding

"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor

"{B4CB2C34-E745-4063-9CD6-F54D46F7F4FE}" = Nitro PDF Reader 2

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help

"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP5

"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f

"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit

"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent

"{CE9B60E1-BC90-DADA-0935-02F51FB9228C}" = AMD Catalyst Install Manager

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget

"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help

"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software

"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}" = Logitech QuickCam

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision

"1ClickDownload" = 1ClickDownloader

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Avira AntiVir Desktop" = Avira Free Antivirus

"BFGC" = Big Fish Games: Game Manager

"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition

"GIMP-2_is1" = GIMP 2.8.2

"GOM Encoder" = GOM Encoder

"GOM Player" = GOM Player

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1

"MAGIX Music Maker for MySpace D" = MAGIX Music Maker for MySpace 15.0.1.8 (D)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NCLauncher_GameForge" = NC Launcher (GameForge)

"NVIDIA Drivers" = NVIDIA Drivers

"Opera 12.02.1578" = Opera 12.02

"PhotoScape" = PhotoScape

"Shop for HP Supplies" = Shop for HP Supplies

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Update Engine" = Sony Ericsson Update Engine

"Update Service" = Sony Mobile Update Service

"WinRAR archiver" = WinRAR 4.01 (32-Bit)

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2186919244-3342199744-2602155374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 25.10.2012 11:54:56 | Computer Name = KontoX-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony

 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 25.10.2012 11:55:17 | Computer Name = KontoX-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Flashtool\FlashTool64.exe".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 25.10.2012 11:55:19 | Computer Name = KontoX-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Multi

 Unlock Client\x10_drivers\semcUSBFlashDriver\dpinst64_vista_win7_x64.exe".  Die abhängige

 Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 25.10.2012 12:46:30 | Computer Name = KontoX-PC | Source = Application Hang | ID = 1002

Description = Programm AION.bin, Version 3012.208.1010.6249 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 1e28    Startzeit: 01cdb2d0327d3af0    Endzeit: 130    Anwendungspfad:

 C:\Program Files\Gameforge\AION Free-To-Play\bin32\AION.bin    Berichts-ID: 7ba875f1-1ec3-11e2-8c88-0024217894fc
 

 

Error - 25.10.2012 12:47:40 | Computer Name = KontoX-PC | Source = Application Hang | ID = 1002

Description = Programm AION.bin, Version 3012.208.1010.6249 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: ebc    Startzeit: 01cdb2d0510aa430    Endzeit: 150    Anwendungspfad:

 C:\Program Files\Gameforge\AION Free-To-Play\bin32\AION.bin    Berichts-ID: ad492461-1ec3-11e2-8c88-0024217894fc
 

 

Error - 25.10.2012 12:57:52 | Computer Name = KontoX-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 25.10.2012 12:58:04 | Computer Name = KontoX-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.0.0.1221, Zeitstempel:

 0x3d0520d4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:

 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047732  ID des fehlerhaften Prozesses:

 0xee8  Startzeit der fehlerhaften Anwendung: 0x01cdb2d1dd7cd860  Pfad der fehlerhaften

 Anwendung: C:\Program Files\Common Files\Logitech\QCDriver\Lqdsw.exe  Pfad des fehlerhaften

 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 242279f0-1ec5-11e2-a8d1-0024217894fc

 

Error - 25.10.2012 13:02:40 | Computer Name = KontoX-PC | Source = Application Hang | ID = 1002

Description = Programm AION.bin, Version 3012.208.1010.6249 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 1f9c    Startzeit: 01cdb2d20ee659d0    Endzeit: 149    Anwendungspfad:

 C:\Program Files\Gameforge\AION Free-To-Play\bin32\AION.bin    Berichts-ID: 9f737231-1ec5-11e2-a8d1-0024217894fc
 

 

Error - 25.10.2012 13:04:39 | Computer Name = KontoX-PC | Source = Application Hang | ID = 1002

Description = Programm AION.bin, Version 3012.208.1010.6249 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 39c    Startzeit: 01cdb2d29ded18d0    Endzeit: 3    Anwendungspfad: C:\Program

 Files\Gameforge\AION Free-To-Play\bin32\AION.bin    Berichts-ID: 0c2a41b1-1ec6-11e2-a8d1-0024217894fc
 

 

Error - 25.10.2012 13:06:25 | Computer Name = KontoX-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 25.10.2012 13:06:37 | Computer Name = KontoX-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.0.0.1221, Zeitstempel:

 0x3d0520d4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:

 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047732  ID des fehlerhaften Prozesses:

 0xf0c  Startzeit der fehlerhaften Anwendung: 0x01cdb2d30f529b80  Pfad der fehlerhaften

 Anwendung: C:\Program Files\Common Files\Logitech\QCDriver\Lqdsw.exe  Pfad des fehlerhaften

 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 55a0ed80-1ec6-11e2-a86f-0024217894fc

 

[ Media Center Events ]

Error - 06.12.2011 19:08:29 | Computer Name = KontoX-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539

Description = 

 

Error - 06.12.2011 19:09:50 | Computer Name = KontoX-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538

Description = 

 

Error - 06.12.2011 19:10:25 | Computer Name = KontoX-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539

Description = 

 

[ System Events ]

Error - 25.10.2012 07:19:25 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 25.10.2012 12:55:00 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist

 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Neustart des Diensts.

 

Error - 25.10.2012 12:55:16 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7034

Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 25.10.2012 12:57:42 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 25.10.2012 13:06:16 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 26.10.2012 05:24:52 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 26.10.2012 08:27:10 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 27.10.2012 08:06:32 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 27.10.2012 12:26:15 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 28.10.2012 09:57:41 | Computer Name = KontoX-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

 

< End of report >

das is die Log-Datei vom CCCleaner

Code:

1ClickDownloader        1ClickDownload        08.09.2012                2.7 Build 26473

7-Zip 9.20                27.10.2012                

Adobe AIR        Adobe Systems Incorporated        22.09.2012                3.2.0.2070

Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        09.10.2012        6,00MB        11.4.402.287

Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        09.10.2012        6,00MB        11.4.402.287

Adobe Shockwave Player 11.6        Adobe Systems, Inc.        14.08.2012                11.6.6.636

AION Free-To-Play        Gameforge        12.06.2012        22,6MB        2.70.0000

AMD Catalyst Install Manager        Advanced Micro Devices, Inc.        14.08.2012        20,2MB        8.0.881.0

Apple Application Support        Apple Inc.        23.09.2012        64,5MB        2.2.2

Apple Mobile Device Support        Apple Inc.        23.09.2012        23,1MB        6.0.0.59

Apple Software Update        Apple Inc.        12.08.2012        2,38MB        2.1.3.127

Avira Free Antivirus        Avira        26.09.2012        115MB        12.0.0.1199

Avira SearchFree Toolbar plus Web Protection        Ask.com        16.08.2012        4,67MB        1.15.4.0

Avira SearchFree Toolbar plus Web Protection Updater        Ask.com        16.08.2012                1.3.0.23930

Big Fish Games: Game Manager                26.10.2012                3.0.1.60

Bonjour        Apple Inc.        12.08.2012        0,98MB        3.0.0.10                

CCleaner        Piriform        24.10.2012                3.24        

Firebird SQL Server - MAGIX Edition        MAGIX AG        30.08.2012                2.0.1.13

GIMP 2.8.2        The GIMP Team        19.09.2012        222MB        2.8.2

GOM Encoder        Gretech Corporation        03.07.2011                1.1.0.47

GOM Player        Gretech Corporation        03.07.2011                2.1.28.5039

Google Earth Plug-in        Google        08.09.2012        48,7MB        6.2.2.6613

HP Customer Participation Program 13.0        HP        03.07.2011                13.0

HP Document Manager 2.0        HP        03.07.2011                2.0

HP Imaging Device Functions 13.0        HP        03.07.2011                13.0

HP Officejet 4500 G510a-f        HP        03.07.2011                13.0

HP Product Detection        HP        05.05.2012        1,86MB        11.14.0001

HP Smart Web Printing 4.5        HP        03.07.2011                4.5

HP Solution Center 13.0        HP        03.07.2011                13.0

HP Update        Hewlett-Packard        20.12.2011        3,98MB        5.003.001.001

HTC BMP USB Driver        HTC        22.09.2012        252KB        1.0.5375

HTC Driver Installer        HTC Corporation        22.09.2012        2,05MB        3.0.0.024

iTunes        Apple Inc.        23.09.2012        180MB        10.7.0.21

Java 7 Update 7        Oracle        08.09.2012        128MB        7.0.70

LibUSB-Win32-0.1.10.1        LibUSB-Win32        17.08.2012                0.1.10.1

Logitech Desktop Messenger                25.09.2012                

Logitech ImageStudio        Logitech, Inc.        25.09.2012        110MB        7.30.0000

Logitech QuickCam        Logitech Inc.        27.09.2012        32,9MB        11.00.1218

MAGIX Music Maker for MySpace 15.0.1.8 (D)        MAGIX AG        30.08.2012                15.0.1.8

Malwarebytes Anti-Malware Version 1.65.1.1000        Malwarebytes Corporation        27.10.2012        19,4MB        1.65.1.1000

McAfee Security Scan Plus        McAfee, Inc.        14.08.2012        10,2MB        3.0.207.4

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        02.07.2011        38,8MB        4.0.30319

Microsoft .NET Framework 4 Extended        Microsoft Corporation        02.07.2011        51,9MB        4.0.30319

Microsoft Silverlight        Microsoft Corporation        13.05.2012        80,3MB        4.1.10329.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        24.01.2012        252KB        8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        03.09.2011        300KB        8.0.59193

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        13.08.2012        594KB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        22.09.2012        232KB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.08.2012        600KB        9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        18.08.2012        16,5MB        10.0.40219

Microsoft WSE 3.0 Runtime        Microsoft Corp.        09.09.2012        942KB        3.0.5305.0

Mozilla Firefox 15.0 (x86 de)        Mozilla        31.08.2012        43,3MB        15.0

Mozilla Firefox 15.0.1 (x86 de)        Mozilla        26.09.2012        43,4MB        15.0.1

Mozilla Maintenance Service        Mozilla        08.09.2012        327KB        15.0.1

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        13.07.2011        35,0KB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        13.07.2011        1,33MB        4.20.9876.0

MSXML 4.0 SP3 Parser        Microsoft Corporation        22.09.2012        1,47MB        4.30.2100.0

MSXML 4.0 SP3 Parser (KB2721691)        Microsoft Corporation        24.09.2012        1,53MB        4.30.2114.0

NC Launcher (GameForge)        NCsoft        12.06.2012                

Nero 9        Nero AG        03.07.2011                

Nitro PDF Reader 2        Nitro PDF Software        03.09.2011        85,0MB        2.0.0.29

NVIDIA Drivers        NVIDIA Corporation        04.08.2011                1.7

OCR Software by I.R.I.S. 13.0        HP        03.07.2011                13.0

OpenOffice.org 3.4.1        Apache Software Foundation        04.09.2012        331MB        3.41.9593

Opera 12.02        Opera Software ASA        04.09.2012                12.02.1578

PhotoScape                10.06.2012                

Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        03.07.2011                6.0.1.5888

Shop for HP Supplies        HP        03.07.2011                13.0

SiSoftware Sandra Lite 2011.SP5        SiSoftware        18.12.2011        103MB        17.80.2011.10

Skype Click to Call        Skype Technologies S.A.        03.10.2012        41,7MB        6.2.10687

Skype™ 5.10        Skype Technologies S.A.        12.08.2012        19,4MB        5.10.116

Sony Ericsson Update Engine        Sony Ericsson Communications AB        20.09.2012                2.12.11.22

Sony Mobile Update Service        Sony Mobile Communications AB        28.09.2012                2.12.11.22

Sony PC Companion 2.10.094        Sony        01.10.2012        19,2MB        2.10.094

Steam        Valve Corporation        20.09.2012        35,4MB        1.0.0.0

SweetIM for Messenger 3.7        SweetIM Technologies Ltd.        14.08.2012        4,93MB        3.7.0005

T-Home Dialerschutz-Software                03.07.2011                

TeamSpeak 3 Client        TeamSpeak Systems GmbH        24.10.2012                3.0.9

Web Assistant 2.0.0.474        IncrediBar        12.08.2012        1,84MB        

WinRAR 4.01 (32-Bit)        win.rar GmbH        03.07.2011                4.01.0

xVideoServiceThief        Xesc & Technology        03.07.2011        13,2MB        2.4.1

Yontoo 1.10.02        Yontoo LLC        08.06.2012        1,29MB        1.10.02

so dann hät ich ja die 3 punkte durch.....aber das das maleware programm nichts gefunden hat macht mir echt sorgen.... da ja die symptome alle darauf hin deuten das der trojaner noch aktiv ist....ich hatte vor ner woche mal mit antivir den luke filewalker durchlaufen lassen und die funde auf quarantäne gesetzt und dann gelöscht......hoffe das erschwerd nicht unsere gemeinsame arbeit....und danke für das willkommen ;)

das is übrigends die .exe

Code:

tbhcn.ink Blabbers Communications Ltd C:\Users\KontoX\AppData\Roaming\BrowserCompanion\tbhcn.exe

ich lass grad das anti maleware nochmal drüber und jetz sinds se da also die infizierten programme stelle den neuen dann rein

so hier der neue durchlauf des Anti-Maleware programms

Code:

Malwarebytes Anti-Malware (Test) 1.65.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.10.28.05
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

KontoX :: KONTOX-PC [Administrator]
 

Schutz: Aktiviert
 

28.10.2012 20:53:02

mbam-log-2012-10-28 (20-53-02).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 398232

Laufzeit: 1 Stunde(n), 19 Minute(n), 28 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 36

HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 4

HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Daten: Vid-Saver -> Keine Aktion durchgeführt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 2

C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Users\KontoX\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 19

C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Users\KontoX\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Users\KontoX\Torrents\Need For Speed Underground 2\All_CPU_Meter_V3.3.gadget.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.

C:\Users\KontoX\Torrents\Need For Speed Underground 2\Network_Meter_V6.4.gadget.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

C:\Program Files\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\KontoX\AppData\Local\Temp\Vid-Saver-rs.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\KontoX\AppData\Local\Temp\XdFiYDcF.exe.part (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)