Trojaner-Board (https://www.trojaner-board.de/)

Thread: Remove SpyHunter 4 (https://www.trojaner-board.de/130027-spyhunter-4-entfernen.html)

cosinus 28.01.2013 23:16

Restart Windows, delete the old combofix.exe, download CF again and please try it once more.

friedrich23 29.01.2013 14:46

It works now:

Code:

ComboFix 13-01-28.02 - root 28.01.2013  17:41:33.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6001.1.1252.49.1031.18.3327.2278 [GMT 1:00]
ausgeführt von:: c:\users\friedrich\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdate.log
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\users\root\AppData\Local\Savings Sidekick
c:\users\root\AppData\Local\Temp\Rar$EX00.750\WLAN Optimizer.exe
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-28 bis 2013-01-29  ))))))))))))))))))))))))))))))
.
.
2013-01-28 16:50 . 2013-01-28 16:50        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-01-28 16:50 . 2013-01-28 16:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-24 13:29 . 2013-01-24 13:29        110080        ----a-r-        c:\users\root\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
2013-01-24 13:29 . 2013-01-24 13:29        110080        ----a-r-        c:\users\root\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe
2013-01-24 13:29 . 2013-01-24 13:29        110080        ----a-r-        c:\users\root\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
2013-01-24 13:29 . 2013-01-24 13:30        --------        d-----w-        C:\sh4ldr
2013-01-24 13:29 . 2013-01-24 13:29        --------        d-----w-        c:\program files\Enigma Software Group
2013-01-24 13:29 . 2013-01-24 13:29        --------        d-----w-        c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2013-01-24 13:17 . 2013-01-24 13:17        --------        d-----w-        c:\users\friedrich\AppData\Roaming\Optimizer Pro
2013-01-23 18:24 . 2013-01-23 18:25        --------        d-----w-        C:\WZShutdown
2013-01-17 15:23 . 2013-01-17 15:23        --------        d-----w-        c:\users\friedrich\AppData\Roaming\Malwarebytes
2013-01-17 15:09 . 2013-01-17 15:09        --------        d-----w-        c:\users\root\AppData\Roaming\Malwarebytes
2013-01-17 15:09 . 2013-01-17 15:09        --------        d-----w-        c:\programdata\Malwarebytes
2013-01-17 15:09 . 2013-01-17 15:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-01-17 15:09 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-16 19:35 . 2013-01-16 19:35        --------        d-----w-        c:\program files\MSECache
2013-01-16 18:18 . 2013-01-16 18:18        --------        d-----w-        c:\users\Default\AppData\Roaming\Apple Computer
2013-01-16 18:18 . 2013-01-16 18:18        --------        d-----w-        c:\users\Default\AppData\Local\Apple Computer
2013-01-16 18:07 . 2013-01-16 18:07        --------        d-----w-        c:\programdata\Kaspersky Lab
2013-01-16 18:07 . 2013-01-16 18:07        --------        d-----w-        c:\program files\Kaspersky Lab
2013-01-15 19:07 . 2013-01-15 19:07        --------        d-----w-        c:\program files\McAfeeScanAndRepair
2013-01-15 18:34 . 2013-01-15 18:34        --------        d-----w-        c:\program files\Xirrus
2013-01-15 18:34 . 2013-01-15 18:34        --------        d-----w-        c:\users\olotu\AppData\Roaming\Xirrus
2013-01-15 16:22 . 2012-11-08 18:00        6812136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{19F50905-F02A-44D2-B86F-924028FF2EC6}\mpengine.dll
2013-01-15 16:22 . 2010-09-20 09:25        231936        ----a-w-        c:\windows\system32\msshsq.dll
2013-01-11 14:03 . 2008-05-27 05:17        34816        ----a-w-        c:\windows\system32\msscb.dll
2013-01-11 13:56 . 2009-11-08 09:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2013-01-11 13:56 . 2009-11-08 09:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2013-01-11 13:56 . 2009-11-08 09:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2013-01-11 13:56 . 2009-11-08 09:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2013-01-11 13:56 . 2009-11-08 09:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2013-01-10 13:51 . 2010-08-17 13:32        126464        ----a-w-        c:\windows\system32\spoolsv.exe
2013-01-10 13:49 . 2011-02-12 04:28        191488        ----a-w-        c:\windows\system32\FXSCOVER.exe
2013-01-10 13:49 . 2011-04-29 14:54        276992        ----a-w-        c:\windows\system32\schannel.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:01 . 2006-11-02 10:32        101888        ----a-w-        c:\windows\system32\ifxcardm.dll
2013-01-09 17:01 . 2006-11-02 10:32        82432        ----a-w-        c:\windows\system32\axaltocm.dll
2012-11-14 18:40 . 2012-11-14 18:40        93184        ----a-w-        c:\windows\system32\GFilterSvc.exe
2012-11-14 18:40 . 2012-11-14 18:40        67584        ----a-w-        c:\windows\system32\MUILbnguageCleanup.exe
2012-10-11 01:06 . 2012-12-10 17:27        261600        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files\Freeware.de\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AA2810A-F009-4BD7-A10A-32F140A1B9F3}]
2010-05-25 14:46        269312        ----a-w-        c:\users\root\AppData\LocalLow\ProxTube\IE\ProxTube.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
2011-05-09 08:49        176936        ----a-w-        c:\program files\Freeware.de\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files\Freeware.de\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"iPhone Explorer Launcher"="c:\program files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe" [2011-08-25 132608]
"Steam"="c:\program files\Steam\Steam.exe" [2013-01-23 1354736]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-24 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-24 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-24 138008]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-05-15 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-05-15 55856]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-14 7416352]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-14 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Ocs_SM"="c:\users\root\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-01-13 106496]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2007-3-7 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 14:24        1607120        ----a-w-        c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 17:36]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 17:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{7805E72A-2147-4619-B327-4D3EF8AB535A}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{81EFCBE7-A49E-41E7-B7EF-FB55075F8ABF}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{86A4A234-5EDE-444B-AB27-44A014E3F19F}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{DB9E527F-645B-4E88-B8F9-253BAAE1B016}: NameServer = 213.191.74.18,213.191.74.19
FF - ProfilePath - c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ncr
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q=
FF - user.js: extensions.BabylonToolbar_i.id - e484c610000000000000001839049e5c
FF - user.js: extensions.BabylonToolbar_i.hardId - e484c610000000000000001839049e5c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - e484c610000000000000001839049e5c
FF - user.js: extensions.claro.instlDay - 15630
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.113:41
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827&q=
FF - user.js: extensions.funmoods.id - 005056C00008C610
FF - user.js: extensions.funmoods.instlDay - 15658
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2219:40
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - sware
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - sware
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: browser.search.defaultenginename - Google
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.startup.homepage - hxxp://www.google.de/ncr
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\program files\Eazel-DE\tbEaz0.dll
BHO-{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\program files\Eazel-DE\tbEaz0.dll
Toolbar-{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\program files\Eazel-DE\tbEaz0.dll
WebBrowser-{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - c:\program files\Eazel-DE\tbEaz0.dll
HKCU-Run-EA Core - c:\programme\Electronic Arts\EADM\Core.exe
HKCU-Run-EADM - c:\programme\Electronic Arts\EADM\EADMUI\EADMUI.exe
AddRemove-Armagetron Advanced - c:\program files\ArmagetronAdvanced\Uninstal.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-Donald Duck - c:\windows\IsUn0407.exe
AddRemove-EADM - c:\programme\Electronic Arts\EADM\EADMUI\EADMUninstall.exe
AddRemove-Eazel-DE Toolbar - c:\progra~1\Eazel-DE\UNWISE.EXE
AddRemove-FliegenKiller - c:\grafix game\FliegenKiller\Uninstal.exe
AddRemove-LBreakout2_is1 - c:\program files\lbreakout2\unins000.exe
AddRemove-LEGO Racers - c:\windows\IsUn0407.exe
AddRemove-LEGOLANDDeInstKey - c:\windows\unin0407.exe
AddRemove-LucasArts' Star Wars: Episode I Racer - c:\windows\unin0407.exe
AddRemove-Project X_is1 - c:\program files\Project X\unins000.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-Skull-Man - c:\program files\Skullbyte\Skull-Man\Uninstall.exe
AddRemove-SpaceMission_is1 - c:\program files\SpaceMission 1.0\unins000.exe
AddRemove-SuperTux_is1 - c:\program files\SuperTux\unins000.exe
AddRemove-{01339AE5-04D4-43F8-008E-13AD788DC4F7} - c:\program files\Maxis\SimCity 4\EAUninstall.exe
AddRemove-{6E7DD182-9FC6-4651-0095-2E666CC6AF35} - d:\programme\EA GAMES\Die Sims 2\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-29 14:47
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
 [0] 0x00000002
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:9d,e0,eb,04,5e,29,8f,43,9c,6c,98,65,23,75,3e,41,7f,23,d2,43,60,71,f7,
  2e,d1,41,89,07,1d,58,13,3d,c3,65,c9,a4,6d,55,55,27,fd,23,d5,15,aa,c4,e8,7d,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
.
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\SecuROM\License information*]
"datasecu"=hex:76,29,fa,0b,1f,db,c4,4b,ff,4f,4f,5d,9c,b4,73,ad,f7,33,e9,3a,54,
  13,5e,3f,74,25,b3,52,5b,76,17,f3,17,83,26,c9,fb,93,0c,c9,cb,66,23,a6,b6,7a,\
"rkeysecu"=hex:c3,fc,44,c3,af,61,dc,e5,cf,ae,2f,82,79,72,db,ce
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5868)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
c:\windows\System32\GFilterSvc.exe
c:\windows\system32\schtasks.exe
c:\programdata\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\MUILbnguageCleanup.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\conime.exe
c:\windows\soundman.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-29  14:51:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-29 13:50
.
Vor Suchlauf: 10 Verzeichnis(se), 17.158.791.168 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 32.591.241.216 Bytes frei
.
- - End Of File - - CCCEDF2EC5D1A8E8D651FCCDD10D4AB7


cosinus 29.01.2013 15:06

OK, please create new logs with GMER and aswMBR.

friedrich23 29.01.2013 20:23

gmer:

Code:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-29 19:41:26
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_HD502IJ rev.1AA01113 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\root\AppData\Local\Temp\kwddqpoc.sys


---- Kernel code sections - GMER 2.0 ----

.sfrelocÿÿÿÿsfsync04unknown last section [0x83AC9000, 0xBC6, 0x40000040]  C:\Windows\System32\drivers\sfsync04.sys                                                                      unknown last section [0x83AC9000, 0xBC6, 0x40000040]
.reloc                                                                    C:\Windows\system32\drivers\acedrv11.sys                                                                      section is executable [0xA09C5480, 0x306DD, 0xE0000060]

---- User code sections - GMER 2.0 ----

?                                                                        C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1964] C:\Windows\system32\ntdll.dll        time/date stamp mismatch;
.text                                                                    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1964] ntdll.dll!NtProtectVirtualMemory    771585D8 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?                                                                        C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1964] C:\Windows\system32\kernel32.dll    time/date stamp mismatch; unknown module: wmdrmsdk.dll
.text                                                                    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1964] user32.dll!GetAppCompatFlags2 + 880  75D06390 4 Bytes  [4D, 27, 8B, 69]
?                                                                        C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4068] C:\Windows\system32\ntdll.dll        time/date stamp mismatch;
.text                                                                    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4068] ntdll.dll!NtProtectVirtualMemory    771585D8 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?                                                                        C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4068] C:\Windows\system32\kernel32.dll    time/date stamp mismatch; unknown module: wmdrmsdk.dll
.text                                                                    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4068] user32.dll!GetAppCompatFlags2 + 880  75D06390 4 Bytes  [4D, 27, 8B, 69]

---- EOF - GMER 2.0 ----


aswMBR:
Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-29 19:58:07
-----------------------------
19:58:07.450    OS Version: Windows 6.0.6001 Service Pack 1
19:58:07.450    Number of processors: 2 586 0xF0D
19:58:07.450    ComputerName: COMPUTER  UserName: root
19:58:07.810    Initialize success
19:58:34.981    AVAST engine defs: 13012901
19:59:11.044    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
19:59:11.044    Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
19:59:11.060    Disk 0 MBR read successfully
19:59:11.060    Disk 0 MBR scan
19:59:11.091    Disk 0 Windows 7 default MBR code
19:59:11.106    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      100000 MB offset 2048
19:59:11.122    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      250000 MB offset 204802048
19:59:11.138    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      126937 MB offset 716802048
19:59:11.153    Disk 0 scanning sectors +976769024
19:59:11.263    Disk 0 scanning C:\Windows\system32\drivers
19:59:21.528    Service scanning
19:59:38.981    Service snmpurap C:\Windows\system32\MUILbnguageCleanup.exe **INFECTED** Win32:Agent-AQRH [Trj]
19:59:45.481    Modules scanning
20:00:00.481    Disk 0 trace - called modules:
20:00:00.513    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync04.sys sfsync02.sys ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:00:00.528    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868d2308]
20:00:00.528    3 CLASSPNP.SYS[8bc83745] -> nt!IofCallDriver -> [0x861814c0]
20:00:00.544    5 acpi.sys[83a406a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x86181ba0]
20:00:00.544    \Driver\atapi[0x8617e5f8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync04.sys[0x83ac6a7c]
20:00:01.075    AVAST engine scan C:\Windows
20:00:07.075    AVAST engine scan C:\Windows\system32
20:01:22.153    File: C:\Windows\system32\MUILbnguageCleanup.exe  **INFECTED** Win32:Agent-AQRH [Trj]
20:03:22.856    AVAST engine scan C:\Windows\system32\drivers
20:04:12.450    AVAST engine scan C:\Users\root
20:05:59.169    AVAST engine scan C:\ProgramData
20:14:27.091    Scan finished successfully
20:20:02.231    Disk 0 MBR has been saved successfully to "C:\Users\friedrich\Desktop\MBR.dat"
20:20:02.247    The log file has been saved successfully to "C:\Users\friedrich\Desktop\aswMBR2.txt"


cosinus 29.01.2013 21:11

adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

friedrich23 30.01.2013 18:46

Code:

# AdwCleaner v2.109 - Datei am 30/01/2013 um 18:43:49 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 1 (32 bits)
# Benutzer : root - COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\friedrich\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager
Gefunden : WajamUpdater

***** [Dateien / Ordner] *****

Datei Gefunden : \user.js
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Datei Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\searchplugins\funmoods.xml
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\Program Files\Claro LTD
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\Freeware.de
Ordner Gefunden : C:\Program Files\Wajam
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\extensions\afurladvisor@anchorfree.com
Ordner Gefunden : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\extensions\crossriderapp5060@crossrider.com
Ordner Gefunden : C:\Users\olotu\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\olotu\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\olotu\AppData\LocalLow\Eazel-DE
Ordner Gefunden : C:\Users\olotu\AppData\LocalLow\Freeware.de
Ordner Gefunden : C:\Users\olotu\AppData\Roaming\Mozilla\Firefox\Profiles\j2xmbi3o.default\extensions\crossriderapp5060@crossrider.com
Ordner Gefunden : C:\Users\olotu\AppData\Roaming\Optimizer Pro
Ordner Gefunden : C:\Users\root\AppData\Local\Conduit
Ordner Gefunden : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gefunden : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gefunden : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gefunden : C:\Users\root\AppData\Local\Wajam
Ordner Gefunden : C:\Users\root\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\root\AppData\LocalLow\Eazel-DE
Ordner Gefunden : C:\Users\root\AppData\LocalLow\Freeware.de
Ordner Gefunden : C:\Users\root\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\ConduitCommon
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\CT2736476
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\crossriderapp5060@crossrider.com
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@babylon.com
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@claro.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Eazel-DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Freeware.de
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Savings Sidekick
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Claro LTD
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\e2d6dde73aed41
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Eazel-DE Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Wajam
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\Software\Claro LTD
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\claro.claroappCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\claro.claroappCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{53862A53-4F3C-4A8D-B286-3DBD364CE60B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.claroESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\e2d6dde73aed41
Schlüssel Gefunden : HKLM\Software\Eazel-DE
Schlüssel Gefunden : HKLM\Software\Freeware.de
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{694EA95C-6440-41D3-BF1C-3FA4EF32EF2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A720D946-866B-43F1-83A9-374E3FCA9181}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gefunden : HKLM\Software\Wajam
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gefunden : HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18639

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.1 (en-US)

Datei : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\prefs.js

Gefunden : user_pref("CT2736476.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2736476.ServiceMapLastCheckTime", "Mon Aug 13 2012 18:54:39 GMT+0200");
Gefunden : user_pref("CT2736476.testingCtid", "");
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\root\\AppData\\Roaming\\Mozilla\\Fi[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.300");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.notifications.locale", "");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 13 2012 18:54:40 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.userId", "21b0b0d9-88ce-4d51-886d-4f8f48982614");
Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110000");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "e484c610000000000000001839049e5c");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "e484c610000000000000001839049e5c");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15380");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:38:12");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.autoRvrt", "false");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "e484c610000000000000001839049e5c");
Gefunden : user_pref("extensions.claro.instlDay", "15630");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.vrsn", "1.6.4.1");
Gefunden : user_pref("extensions.claro.vrsni", "1.6.4.1");
Gefunden : user_pref("extensions.claro_i.newTab", false);
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.6.4.113:41:34");
Gefunden : user_pref("extensions.crossriderapp5060.adsOldValue", -1);
Gefunden : user_pref("extensions.funmoods.aflt", "sware");
Gefunden : user_pref("extensions.funmoods.autoRvrt", false);
Gefunden : user_pref("extensions.funmoods.dfltLng", "");
Gefunden : user_pref("extensions.funmoods.dfltSrch", true);
Gefunden : user_pref("extensions.funmoods.dnsErr", true);
Gefunden : user_pref("extensions.funmoods.envrmnt", "production");
Gefunden : user_pref("extensions.funmoods.excTlbr", false);
Gefunden : user_pref("extensions.funmoods.hmpg", true);
Gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2Xzuy[...]
Gefunden : user_pref("extensions.funmoods.id", "005056C00008C610");
Gefunden : user_pref("extensions.funmoods.instlDay", "15658");
Gefunden : user_pref("extensions.funmoods.instlRef", "sware");
Gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=sware&chnl=sware&cd=2Xz[...]
Gefunden : user_pref("extensions.funmoods.prdct", "funmoods");
Gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gefunden : user_pref("extensions.funmoods.srchPrvdr", "Search");
Gefunden : user_pref("extensions.funmoods.tlbrId", "base");
Gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=sware&chnl=sware&cd=2[...]
Gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods_i.newTab", true);
Gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:40:31");

Datei : C:\Users\friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\j2xmbi3o.default\prefs.js

Gefunden : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1350474175);
Gefunden : user_pref("extensions.crossriderapp5060.5060.active", true);
Gefunden : user_pref("extensions.crossriderapp5060.5060.addressbar", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.addressbarenhanced", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);
Gefunden : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);
Gefunden : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1350474175");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1350474175");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Tue Jan 22 2013 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22DE%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1358266483");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_currenttime.value", "%221356061419%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1350474263033");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2294733%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1350474215898");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.value", "%7B%22path%22%3A%22/sc2/de/[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");
Gefunden : user_pref("extensions.crossriderapp5060.5060.domain", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.group", 0);
Gefunden : user_pref("extensions.crossriderapp5060.5060.homepage", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.iframe", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "48");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Tue Jan 15[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");
Gefunden : user_pref("extensions.crossriderapp5060.5060.newtab", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.opensearch", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 12);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 4);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_64.name", "appApiMessage");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_64.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_72.name", "appApiValidation");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_72.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_78.name", "CrossriderInfo");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_78.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,21,[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 24);
Gefunden : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");
Gefunden : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);
Gefunden : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.thankyou", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);
Gefunden : user_pref("extensions.crossriderapp5060.5060.ver", 48);
Gefunden : user_pref("extensions.crossriderapp5060.adsOldValue", -1);
Gefunden : user_pref("extensions.crossriderapp5060.apps", "5060");
Gefunden : user_pref("extensions.crossriderapp5060.bic", "13a6e8891b6b8f5bba3198f267dcd802");
Gefunden : user_pref("extensions.crossriderapp5060.cid", 5060);
Gefunden : user_pref("extensions.crossriderapp5060.firstrun", false);
Gefunden : user_pref("extensions.crossriderapp5060.hadappinstalled", true);
Gefunden : user_pref("extensions.crossriderapp5060.installationdate", 1350474175);
Gefunden : user_pref("extensions.crossriderapp5060.lastcheck", 22637775);
Gefunden : user_pref("extensions.crossriderapp5060.lastcheckitem", 22637775);
Gefunden : user_pref("extensions.crossriderapp5060.modetype", "production");
Gefunden : user_pref("extensions.crossriderapp5060.reportInstall", true);
Gefunden : user_pref("extensions.enabledAddons", "crossriderapp5060@crossrider.com:0.86.38,{b9db16a4-6edc-47ec-[...]

Datei : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\prefs.js

Gefunden : user_pref("extensions.crossriderapp5060.adsOldValue", -1);

-\\ Google Chrome v24.0.1312.56

Datei : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.8] : homepage = "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827",
Gefunden [l.12] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=114508&tt=4212_1&babsrc=HP_clro&mntrId=e484c610000000000000001839049e5c", "hxxp://www.google.com/", "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827" ]
Gefunden [l.35] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827",
Gefunden [l.350] : homepage = "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827",
Gefunden [l.606] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=114508&tt=4212_1&babsrc=HP_clro&mntrId=e484c610000000000000001839049e5c", "hxxp://www.google.com/", "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827" ]

Datei : C:\Users\friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [35547 octets] - [30/01/2013 18:43:49]

########## EOF - \AdwCleaner[R1].txt - [35608 octets] ##########


cosinus 31.01.2013 10:58

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

After that, a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

friedrich23 31.01.2013 15:11

adw cleaner:

Code:

# AdwCleaner v2.109 - Datei am 31/01/2013 um 14:32:10 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 1 (32 bits)
# Benutzer : root - COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\friedrich\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager
Gestoppt & Gelöscht : WajamUpdater

***** [Dateien / Ordner] *****

Datei Gelöscht : \user.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Datei Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\searchplugins\funmoods.xml
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\Claro LTD
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Freeware.de
Ordner Gelöscht : C:\Program Files\Wajam
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\extensions\afurladvisor@anchorfree.com
Ordner Gelöscht : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\extensions\crossriderapp5060@crossrider.com
Ordner Gelöscht : C:\Users\friedrich\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\friedrich\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\friedrich\AppData\LocalLow\Eazel-DE
Ordner Gelöscht : C:\Users\friedrich\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\j2xmbi3o.default\extensions\crossriderapp5060@crossrider.com
Ordner Gelöscht : C:\Users\friedrich\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\root\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\root\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\root\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\root\AppData\LocalLow\Eazel-DE
Ordner Gelöscht : C:\Users\root\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\ConduitCommon
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\CT2736476
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\crossriderapp5060@crossrider.com
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@claro.com

***** [Registrierungsdatenbank] *****

OTL.Txt:

Code:

OTL logfile created on: 31.01.2013 14:44:15 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\olotu\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,85% Memory free
6,68 Gb Paging File | 5,61 Gb Available in Paging File | 83,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,31 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
Drive F: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\friedrich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\friedrich\AppData\Local\Programs\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\GFilterSvc.exe ()
PRC - C:\Windows\System32\MUILbnguageCleanup.exe ()
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\VMware\VMware Workstation\zlib1.dll ()
MOD - C:\Programme\VMware\VMware Workstation\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (GFilterSvc) -- C:\Windows\System32\GFilterSvc.exe ()
SRV - (snmpurap) -- C:\Windows\System32\MUILbnguageCleanup.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (KSS) -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (SearchAnonymizer) -- C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (McAfee ScanAndRepair Svc) -- C:\Programme\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ufad-ws60) -- C:\Programme\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (vmount2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SetupNTGLM7X) -- F:\NTGLM7X.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NTACCESS) -- F:\NTACCESS.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GMSIPCI) -- F:\INSTALL\GMSIPCI.SYS File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys ()
DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (vstor2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\WUSB54GCx86.sys (Ralink Technology Inc.)
DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (ActionReplayDS) -- C:\Windows\System32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync04) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{1B231CAF-15B3-410B-A229-06AED74DEBBA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{CAC910EF-195B-4308-9526-8B732AE6ADFF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{DFE9012D-09B6-4947-B07E-4EF158F7822F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - No CLSID value found
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1008\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.8.1.300
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.10 18:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.15 20:07:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.27 16:07:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.05.14 17:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions
[2013.01.31 14:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions
[2011.04.07 15:54:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.15 16:51:42 | 000,002,273 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\bingp.xml
[2012.12.13 15:49:20 | 000,003,576 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\Google.xml
[2012.01.13 19:48:10 | 000,002,077 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{9573D3C0-1EF0-4E34-A57D-69E97F8AC325}.xml
[2012.01.13 19:48:10 | 000,001,870 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{A46C1975-777F-4326-8C76-0CD708A49FEC}.xml
[2012.01.13 19:48:10 | 000,002,188 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{F4D0AF56-E566-4B71-A1D8-C2D229AFAD50}.xml
[2012.12.10 18:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@CLARO.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
[2012.10.11 02:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.19 12:14:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 09:07:32 | 000,183,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMcAfeeSRPlgn.dll
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 02:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMcAfeeSRPlgn.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage:
CHR - homepage:
CHR - Extension: YouTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: ProxTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\chakodcglgpacmjpjfaoopegbglbollk\1.1.35_0\
CHR - Extension: Google-Suche = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.01.29 14:46:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\root\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [iPhone Explorer Launcher] C:\Program Files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [WLAN Optimizer] C:\Users\root\AppData\Local\Temp\Rar$EX00.141\WLAN Optimizer.exe (none)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe File not found
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [SkypeM] C:\Users\friedrich\AppData\Local\Skype\Skype.exe File not found
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1008..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7805E72A-2147-4619-B327-4D3EF8AB535A}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81EFCBE7-A49E-41E7-B7EF-FB55075F8ABF}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86A4A234-5EDE-444B-AB27-44A014E3F19F}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9E527F-645B-4E88-B8F9-253BAAE1B016}: NameServer = 213.191.74.18,213.191.74.19
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - F:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.29 14:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.28 17:50:43 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\temp
[2013.01.28 17:40:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.28 17:40:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.28 17:40:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.28 17:39:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.28 17:39:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.28 17:39:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.24 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 19:24:57 | 000,000,000 | ---D | C] -- C:\WZShutdown
[2013.01.17 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Malwarebytes
[2013.01.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.17 16:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.17 16:09:37 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.17 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.16 20:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.01.15 20:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeScanAndRepair
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2013.01.15 17:22:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013.01.15 17:22:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013.01.15 17:21:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2013.01.15 17:21:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2013.01.15 17:21:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2013.01.15 17:21:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2013.01.15 17:21:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2013.01.15 17:21:36 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2013.01.15 17:21:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2013.01.15 17:21:36 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2013.01.15 17:21:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2013.01.15 17:21:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2013.01.15 17:21:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2013.01.15 17:21:33 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2013.01.15 17:21:33 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2013.01.15 17:21:33 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2013.01.15 17:21:33 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2013.01.15 17:21:33 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2013.01.11 15:03:40 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013.01.11 15:03:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2013.01.11 15:03:39 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2013.01.11 15:03:39 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2013.01.11 15:03:39 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2013.01.11 15:03:39 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2013.01.11 15:03:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013.01.11 15:03:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013.01.11 15:03:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2013.01.11 15:03:38 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2013.01.11 15:03:38 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2013.01.11 15:03:38 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2013.01.11 15:03:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.01.11 15:03:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2013.01.11 15:03:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2013.01.11 15:03:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2013.01.11 15:03:38 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2013.01.11 15:03:37 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2013.01.11 15:03:37 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.01.11 15:03:37 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.01.11 15:03:37 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.01.11 15:03:37 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.01.11 15:03:37 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.01.11 14:56:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013.01.11 14:56:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013.01.11 14:56:27 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.01.10 14:53:28 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.01.10 14:53:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013.01.10 14:53:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.01.10 14:53:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.01.10 14:53:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.01.10 14:52:54 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.01.10 14:52:53 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.10 14:52:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.01.10 14:52:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.01.10 14:52:52 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.01.10 14:52:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.01.10 14:52:51 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.10 14:52:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.01.10 14:52:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013.01.10 14:52:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.10 14:52:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.10 14:52:24 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.01.10 14:52:23 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.01.10 14:52:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013.01.10 14:52:16 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013.01.10 14:52:12 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2013.01.10 14:52:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2013.01.10 14:52:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013.01.10 14:52:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013.01.10 14:51:57 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2013.01.10 14:51:42 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.10 14:51:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2013.01.10 14:51:32 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2013.01.10 14:51:26 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2013.01.10 14:51:26 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2013.01.10 14:51:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013.01.10 14:51:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013.01.10 14:51:10 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013.01.10 14:51:10 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013.01.10 14:51:10 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013.01.10 14:51:10 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2013.01.10 14:51:09 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013.01.10 14:51:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.01.10 14:50:55 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2013.01.10 14:50:55 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013.01.10 14:50:55 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013.01.10 14:50:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.01.10 14:50:48 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013.01.10 14:50:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2013.01.10 14:50:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.01.10 14:50:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.01.10 14:50:15 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2013.01.10 14:50:15 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.01.10 14:50:10 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.10 14:50:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.01.10 14:49:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.31 14:43:57 | 000,636,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.31 14:43:57 | 000,594,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.31 14:43:57 | 000,128,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.31 14:43:57 | 000,106,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.31 14:38:38 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.31 14:38:16 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 14:38:16 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 14:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 14:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.29 19:56:51 | 224,471,161 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.29 14:46:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.24 15:14:46 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | M] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.16 19:18:59 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.16 19:18:47 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 19:10:00 | 000,399,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 18:01:50 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013.01.09 18:01:49 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.28 17:40:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.28 17:40:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.28 17:40:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.28 17:40:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.28 17:40:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.24 15:14:46 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | C] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 17:21:34 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013.01.15 17:21:34 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013.01.15 17:21:34 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013.01.11 15:03:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.01.11 15:03:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013.01.11 15:03:38 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.11.14 19:40:44 | 000,093,184 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2012.11.14 19:40:42 | 000,067,584 | ---- | C] () -- C:\Windows\System32\MUILbnguageCleanup.exe
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.04.02 15:58:18 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012.01.13 20:39:22 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd
[2009.10.14 13:13:49 | 000,005,632 | ---- | C] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.14 16:27:33 | 000,002,032 | ---- | C] () -- C:\Users\root\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

Extras.Txt:

Code:

OTL Extras logfile created on: 31.01.2013 14:44:15 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\friedrich\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,85% Memory free
6,68 Gb Paging File | 5,61 Gb Available in Paging File | 83,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,31 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
Drive F: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Users\olotu\AppData\Local\Programs\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DBA4D7-E0A6-4623-83B8-D8289F4125D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{074A46BE-3D7E-4C51-8C2D-2C9EBBD74BAB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{107F3AFD-F06B-4A36-A30C-2DCA16399FA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{15F95A58-2804-49A2-A49A-7006B42A4248}" = protocol=17 | dir=in | app=d:\programme\age of empires iii\age3y.exe |
"{18EE0ED8-5A2D-40A8-9356-B2B0C12C6D20}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{19E1788A-2782-44C1-9E1E-4F7114C9CFAE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{2014B15F-38A1-4D65-ABBC-4FBFA68404AC}" = protocol=6 | dir=in | app=d:\programme\age of empires iii\age3y.exe |
"{29FCFB39-11B0-4F23-82CD-3276E8E48CAA}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{2C5D4813-3CD6-4634-B48C-01E7D2183C11}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii public test.exe |
"{311F0E3D-52B0-40FD-8484-89D43E1434AE}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{32008C13-3F9A-4410-B95A-854B9872AFCA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3FF0BC38-5789-4FD2-98D4-4A342DF00E16}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{49876CFA-4099-4ED5-A234-EDBC943DFF79}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{51436184-5CAE-46C5-9EAB-33173638D178}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{57974567-67A5-43B4-BC2E-9E5804EA44D0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{5B2A256A-8D57-406A-9B75-179C516EC03D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{5C2B067C-482A-4EB8-8B45-726020DDB3DE}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{5F464852-6579-4FF0-A23D-D0DAD33478D4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{60EAAE31-D14E-48A8-B5C8-9FB8FBBB1FFD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{6804F685-AB72-48F8-8ABD-F35592F9CED3}" = protocol=17 | dir=in | app=d:\programme\age of empires iii\age3.exe |
"{69AED82B-BBF8-4341-AF87-FE7BDC176945}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii public test.exe |
"{7478AC4E-7852-4121-B729-763C1D67642F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{7CDC0C6B-4F0F-4B1D-98C5-5969C401E5CC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{7D5C3339-07B3-438B-AC70-0C32FD76AF1A}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe |
"{7F4478B7-B97E-4915-BDC6-059DBE30D216}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{8451A00D-D13A-4C7D-A76D-642789283AFA}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{8C0CD5D0-3185-43B3-8D43-575A2078BAAA}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{94F9DF85-CF53-44D6-95DA-9E864BCAE22F}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\civilization4.exe |
"{95A095C7-7B4A-4945-9FB9-632FC8EECF38}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{97E39C75-5E48-43D3-9AA4-5F226954BED8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{9EB7C7DE-3429-489C-BEB6-0C65E2A38625}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\civilization4.exe |
"{A17A549B-85A3-4E81-9611-4AE2D1E15782}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{A2A3433C-E75F-4375-8364-35EC780D5AEA}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{B02B42D5-E80F-4D25-84DC-5EE3B245390B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{B119D4F6-D384-4330-8B0F-A6C6669E826B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C07EF8C4-669B-48E3-80D2-E9BB8109DB90}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{C3760539-501E-4DB7-8F50-1DAE518AE34D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{C3D48FD4-4A86-4FBC-996E-523CD0600B91}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C90E0292-E186-45A0-9A19-FC8FBC66A98D}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe |
"{CF7F9990-C801-4990-9AC5-02992CF7EB76}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3EF1F86-8633-46D7-8C4D-382C64B6BAE0}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{D422D9B7-0A06-4321-AB71-EB8EA46774E0}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{D4D68E41-AD33-46ED-A7D4-256C5FEF1872}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D50EC150-AF28-4168-902C-2F380C3896ED}" = protocol=6 | dir=in | app=d:\programme\age of empires iii\age3.exe |
"{DB369733-6912-479C-B607-FB90ECE0C94C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DC55EFC5-AC90-42B0-991E-199F7CE5785B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E82395FC-5D30-4F95-AB1A-F74ED26706CE}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{EB580FA8-6077-4567-85AF-62119AFB9363}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{EC0FDFDE-659F-4E15-B099-F48809AE9912}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{ED43694A-FB80-4E90-A41A-2FA4655658CF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"TCP Query User{03CAA602-7C72-4D3C-A265-D7FCF7EFA1F5}D:\programme\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=d:\programme\star wars empire at war\gamedata\fpupdate.exe |
"TCP Query User{0BB19519-3DF4-45C3-86CC-AA3645EEF726}C:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe |
"TCP Query User{0D72D0C1-0357-442C-8FAA-16C4640F4C35}D:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe" = protocol=6 | dir=in | app=d:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"TCP Query User{1019E448-9539-4C6C-A54C-017C0EB88868}D:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=d:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"TCP Query User{1B252BD0-D4D9-4CAC-9925-193A325D2F02}D:\programme\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{2F60BBF9-A259-40B2-A5CC-5D5F4E670D14}D:\programme\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\programme\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{3071FF7E-ECD7-4700-8104-29955407219D}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{38E6B1DC-16FE-42AE-8043-471AF337A630}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{4930A45F-59C3-4660-829A-F8A3C1F6E665}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{5518C8B9-0BAE-4ED8-B4D6-C5426010B4B4}D:\programme\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{5DB8A1AC-4A6C-40F9-918E-AD187C90753C}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"TCP Query User{61726FC7-1174-4ACE-809C-F71B334C8F3B}C:\users\olotu\downloads\tinyumbrella-4.1.13.exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\tinyumbrella-4.1.13.exe |
"TCP Query User{6D19BB06-6F83-4C2B-91E7-484B4AC3FFF0}D:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{6E28EAB5-AFAE-4AE4-BD0F-D2B002CF8BEF}D:\programme\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{716848B8-CF7B-4857-BB9F-969A4504DD8D}C:\users\friedrich\downloads\umbrella-4.00.19.exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\umbrella-4.00.19.exe |
"TCP Query User{7A8A88B0-26E8-4783-909C-8516B8D61713}C:\program files\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files\trackmania united\tmunited.exe |
"TCP Query User{938EA100-C31D-460D-AA3A-26094C4956E4}C:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe |
"TCP Query User{9C60C9DA-7225-4209-BEC7-66472DC1EEEB}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"TCP Query User{A8BA5F5A-59D7-4584-9207-A30374482865}D:\programme\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{B3D71FB7-3720-41F4-A19A-C717EE5979D0}C:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe |
"TCP Query User{C37EBBCE-8AB0-4A01-9570-39F293260110}D:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{C51AC5AE-CB7D-404A-8A9F-E9A99B565BB7}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{CAB054FB-F8C5-45A1-9D77-25CC26D66B45}C:\users\friedrich\downloads\tinyumbrella-4.21.02.exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02.exe |
"TCP Query User{CE6835A1-C47F-4CEC-B6D3-823D390AA38F}D:\programme\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{D8008F28-A88F-4130-942E-391E7737E2A1}C:\program files\codemasters\micromachines v4\mmv4.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\micromachines v4\mmv4.exe |
"TCP Query User{E03C791D-3253-4041-8A91-2F05FE82F3C3}D:\programme\star wars empire at war\gamedata\sweaw.exe" = protocol=6 | dir=in | app=d:\programme\star wars empire at war\gamedata\sweaw.exe |
"TCP Query User{E8FE2277-50E6-4FC8-B1E1-0B627CFF8154}D:\programme\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{F69BF1B8-0865-45CE-BCC8-93D472C02242}D:\programme\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\programme\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{FB5191E1-848B-4ABE-8D06-FF9890C34F02}D:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{00C72C85-73EA-4CFF-8957-742056D85FD3}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{1B14CD35-C09A-47EF-8EAD-6EC572CC2431}D:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{1BC477FE-44D1-487A-862D-FAF20F102119}D:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{1C0CF621-CA38-49F8-9243-3EBA55B4369C}C:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe |
"UDP Query User{1CFB6ECB-793D-4FC4-96CE-26EFFB9D001C}D:\programme\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{24EDB49A-DB69-46B2-AA64-4AA6F19194FC}D:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=d:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"UDP Query User{2CA55992-BE53-4FC0-A7C4-D9B1E33E7A5B}D:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{45B94ED5-7147-418B-B258-01F4569A7479}D:\programme\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{4EAEB2B6-DD77-4BBD-98D4-04A9B34EF005}C:\program files\codemasters\micromachines v4\mmv4.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\micromachines v4\mmv4.exe |
"UDP Query User{5CB419B6-B28D-4641-A01F-CFB7BA4B9218}D:\programme\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\programme\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{614D3CB8-7653-4CC5-B7C9-7FB357E58BB0}C:\users\friedrich\downloads\tinyumbrella-4.1.13.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13.exe |
"UDP Query User{63BF7350-13C1-46A1-A8A8-183095B41BE9}D:\programme\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=d:\programme\star wars empire at war\gamedata\fpupdate.exe |
"UDP Query User{696A42BE-3F25-45F3-B9D3-782427806897}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{6FED25C4-2F33-4D9E-BF68-B5E8D1A4ACD0}C:\program files\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files\trackmania united\tmunited.exe |
"UDP Query User{7100957D-F51A-4825-B36F-F745B890AB25}C:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe |
"UDP Query User{7DE24C23-DC4D-4B9B-9FE9-87452E9A090B}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{82D8156F-DDFA-4067-8FD6-4E1936A6F3D3}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"UDP Query User{83A0CD78-B9D1-4EE1-BDB8-402744BF0E19}D:\programme\star wars empire at war\gamedata\sweaw.exe" = protocol=17 | dir=in | app=d:\programme\star wars empire at war\gamedata\sweaw.exe |
"UDP Query User{886A3DB0-3615-4CE9-820E-4132F95EBEE8}D:\programme\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{A43340EF-E2E7-44FC-85E5-673F67AB67CB}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"UDP Query User{B5E99563-7110-48CB-8869-D314956EC2B3}D:\programme\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{BD41F4EC-A532-4DE9-8489-D235A052BBEA}D:\programme\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{C09A77E6-69A8-40D5-9725-5C10205BD0FD}C:\users\friedrich\downloads\tinyumbrella-4.21.02.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02.exe |
"UDP Query User{C38FF420-87F0-4ECB-95CC-84DDB970AE57}C:\users\friedrich\downloads\umbrella-4.00.19.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\umbrella-4.00.19.exe |
"UDP Query User{E8C68850-EB1F-4D1C-86DE-2D9C910AE512}D:\programme\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\programme\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{EE2B4C3C-89FB-49F9-B18F-2428B27A445A}D:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe" = protocol=17 | dir=in | app=d:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"UDP Query User{F4D46132-796C-4136-A7CC-B0AEF142904E}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"UDP Query User{FB770A3D-2576-4C56-8AC0-D24D1BEE89F4}C:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe |
"UDP Query User{FE4ED811-C3DC-4FE6-9578-FAB37173FCAD}D:\programme\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base18092\sc2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.60
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3AFD938F-D1FF-490A-9154-82774A9E977E}" = Sid Meier's Civilization 4
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBB21AB1-2C45-435D-A05A-B563072E7B9B}" = Xirrus Wi-Fi Inspector
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.7
"{DDABC667-56B3-4122-82B0-2F5782EA2F9A}" = SpyHunter
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Acrobat  8 Standard - English, Français, Deutsch" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DesktopIconAmazon" = Desktop Icon für Amazon
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfeeLiteScanner" = McAfee Scan and Repair 1.5.121
"MediaCoder" = MediaCoder 0.7.5.4762
"medionmusic-manager gold" = medionmusic-manager gold
"medionmusic-Suite" = medionmusic-Suite
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"ROCKS 'N' DIAMONDS" = ROCKS 'N' DIAMONDS 3.1.0
"SearchAnonymizer" = SearchAnonymizer
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"TmUnited_is1" = TrackMania United 0.2.0.8
"TSteroids" = TSteroids 1.2
"Tux Racer Win 32" = Tux Racer Win 32 0.61a
"Ultimat Steroids" = Ultimat Steroids 1.21
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.3.5
"XMedia Recode" = XMedia Recode 2.1.2.9
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = G-Filter
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.05d
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Opera 12.12.1707" = Opera 12.12
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.01.2013 09:11:18 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 17.01.2013 11:20:23 | Computer Name = computer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mbam.exe, Version 1.70.0.9, Zeitstempel 0x50a526ce,
 fehlerhaftes Modul ieframe.dll, Version 7.0.6001.18639, Zeitstempel 0x4db04613,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00027dd2,  Prozess-ID 0x13cc, Anwendungsstartzeit
 01cdf4c4b799b389.
 
Error - 18.01.2013 11:46:10 | Computer Name = computer | Source = EventSystem | ID = 4609
Description =
 
Error - 22.01.2013 13:24:12 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 24.01.2013 09:29:45 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 24.01.2013 09:29:54 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 24.01.2013 11:45:17 | Computer Name = computer | Source = Perflib | ID = 1010
Description =
 
Error - 27.01.2013 12:29:20 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 27.01.2013 12:31:49 | Computer Name = computer | Source = MsiInstaller | ID = 11609
Description =
 
Error - 28.01.2013 12:40:08 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
[ System Events ]
Error - 31.01.2013 09:38:13 | Computer Name = computer | Source = HTTP | ID = 15016
Description =
 
Error - 31.01.2013 09:38:44 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description =
 
Error - 31.01.2013 09:46:57 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:46:58 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:46:59 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:47:00 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:47:02 | Computer Name = computer | Source = PlugPlayManager | ID = 12
Description = Das Gerät "TOSHIBA DVD-ROM SD-M1612 ATA Device" (IDE\CdRomTOSHIBA_DVD-ROM_SD-M1612________________1004____\5&1855ef9f&0&0.0.0)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 31.01.2013 09:47:01 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:47:02 | Computer Name = computer | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 31.01.2013 09:47:02 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
 
< End of report >


cosinus 31.01.2013 15:21

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{1B231CAF-15B3-410B-A229-06AED74DEBBA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{CAC910EF-195B-4308-9526-8B732AE6ADFF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{DFE9012D-09B6-4947-B07E-4EF158F7822F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
CHR - default_search_provider: Funmoods ()
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [SkypeM] C:\Users\friedrich\AppData\Local\Skype\Skype.exe File not found
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe File not found
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) -  File not found
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720
:Files
C:\Program Files\Optimizer Pro
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

friedrich23 31.01.2013 18:19

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1B231CAF-15B3-410B-A229-06AED74DEBBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B231CAF-15B3-410B-A229-06AED74DEBBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CAC910EF-195B-4308-9526-8B732AE6ADFF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAC910EF-195B-4308-9526-8B732AE6ADFF}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DFE9012D-09B6-4947-B07E-4EF158F7822F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFE9012D-09B6-4947-B07E-4EF158F7822F}\ not found.
HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:GTGina.dll deleted successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Optimizer Pro not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\friedrich\Downloads\cmd.bat deleted successfully.
C:\Users\friedrich\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: BOSS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->FireFox cache emptied: 73426966 bytes
->Google Chrome cache emptied: 856432 bytes
->Opera cache emptied: 52243515 bytes
->Flash cache emptied: 1899 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: olotu
->Temp folder emptied: 371260 bytes
->Temporary Internet Files folder emptied: 295448 bytes


cosinus 01.02.2013 11:10

Please run a new check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box next to Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

friedrich23 01.02.2013 14:45

OTL.txt:

Code:

OTL logfile created on: 01.02.2013 14:27:44 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\friedrich\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 68,07% Memory free
6,68 Gb Paging File | 5,65 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,87 Gb Free Space | 31,62% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\friedrich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\friedrich\AppData\Local\Programs\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\GFilterSvc.exe ()
PRC - C:\Windows\System32\MUILbnguageCleanup.exe ()
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\VMware\VMware Workstation\zlib1.dll ()
MOD - C:\Programme\VMware\VMware Workstation\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (GFilterSvc) -- C:\Windows\System32\GFilterSvc.exe ()
SRV - (snmpurap) -- C:\Windows\System32\MUILbnguageCleanup.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (KSS) -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (SearchAnonymizer) -- C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (McAfee ScanAndRepair Svc) -- C:\Programme\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ufad-ws60) -- C:\Programme\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (vmount2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SetupNTGLM7X) -- F:\NTGLM7X.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NTACCESS) -- F:\NTACCESS.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GMSIPCI) -- F:\INSTALL\GMSIPCI.SYS File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys ()
DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (vstor2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\WUSB54GCx86.sys (Ralink Technology Inc.)
DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (ActionReplayDS) -- C:\Windows\System32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync04) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - No CLSID value found
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1008\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.8.1.300
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.10 18:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.15 20:07:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.27 16:07:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.05.14 17:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions
[2013.01.31 14:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions
[2011.04.07 15:54:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.15 16:51:42 | 000,002,273 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\bingp.xml
[2012.12.13 15:49:20 | 000,003,576 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\Google.xml
[2012.01.13 19:48:10 | 000,002,077 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{9573D3C0-1EF0-4E34-A57D-69E97F8AC325}.xml
[2012.01.13 19:48:10 | 000,001,870 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{A46C1975-777F-4326-8C76-0CD708A49FEC}.xml
[2012.01.13 19:48:10 | 000,002,188 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{F4D0AF56-E566-4B71-A1D8-C2D229AFAD50}.xml
[2012.12.10 18:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@CLARO.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
[2012.10.11 02:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.19 12:14:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 09:07:32 | 000,183,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMcAfeeSRPlgn.dll
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 02:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMcAfeeSRPlgn.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage:
CHR - homepage:
CHR - Extension: YouTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: ProxTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\chakodcglgpacmjpjfaoopegbglbollk\1.1.35_0\
CHR - Extension: Google-Suche = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.01.31 18:15:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\root\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [iPhone Explorer Launcher] C:\Program Files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [WLAN Optimizer] C:\Users\root\AppData\Local\Temp\Rar$EX00.125\WLAN Optimizer.exe (none)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1008..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7805E72A-2147-4619-B327-4D3EF8AB535A}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81EFCBE7-A49E-41E7-B7EF-FB55075F8ABF}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86A4A234-5EDE-444B-AB27-44A014E3F19F}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9E527F-645B-4E88-B8F9-253BAAE1B016}: NameServer = 213.191.74.18,213.191.74.19
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.31 18:14:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.29 14:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.28 17:50:43 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\temp
[2013.01.28 17:40:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.28 17:40:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.28 17:40:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.28 17:39:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.28 17:39:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.28 17:39:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.24 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 19:24:57 | 000,000,000 | ---D | C] -- C:\WZShutdown
[2013.01.17 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Malwarebytes
[2013.01.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.17 16:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.17 16:09:37 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.17 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.16 20:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.01.15 20:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeScanAndRepair
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2013.01.15 17:22:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013.01.15 17:22:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013.01.15 17:21:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2013.01.15 17:21:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2013.01.15 17:21:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2013.01.15 17:21:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2013.01.15 17:21:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2013.01.15 17:21:36 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2013.01.15 17:21:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2013.01.15 17:21:36 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2013.01.15 17:21:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2013.01.15 17:21:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2013.01.15 17:21:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2013.01.15 17:21:33 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2013.01.15 17:21:33 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2013.01.15 17:21:33 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2013.01.15 17:21:33 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2013.01.15 17:21:33 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2013.01.11 15:03:40 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013.01.11 15:03:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2013.01.11 15:03:39 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2013.01.11 15:03:39 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2013.01.11 15:03:39 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2013.01.11 15:03:39 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2013.01.11 15:03:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013.01.11 15:03:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013.01.11 15:03:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2013.01.11 15:03:38 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2013.01.11 15:03:38 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2013.01.11 15:03:38 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2013.01.11 15:03:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.01.11 15:03:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2013.01.11 15:03:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2013.01.11 15:03:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2013.01.11 15:03:38 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2013.01.11 15:03:37 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2013.01.11 15:03:37 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.01.11 15:03:37 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.01.11 15:03:37 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.01.11 15:03:37 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.01.11 15:03:37 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.01.11 14:56:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013.01.11 14:56:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013.01.11 14:56:27 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.01.10 14:53:28 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.01.10 14:53:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013.01.10 14:53:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.01.10 14:53:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.01.10 14:53:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.01.10 14:52:54 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.01.10 14:52:53 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.10 14:52:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.01.10 14:52:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.01.10 14:52:52 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.01.10 14:52:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.01.10 14:52:51 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.10 14:52:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.01.10 14:52:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013.01.10 14:52:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.10 14:52:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.10 14:52:24 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.01.10 14:52:23 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.01.10 14:52:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013.01.10 14:52:16 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013.01.10 14:52:12 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2013.01.10 14:52:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2013.01.10 14:52:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013.01.10 14:52:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013.01.10 14:51:57 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2013.01.10 14:51:42 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.10 14:51:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2013.01.10 14:51:32 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2013.01.10 14:51:26 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2013.01.10 14:51:26 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2013.01.10 14:51:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013.01.10 14:51:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013.01.10 14:51:10 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013.01.10 14:51:10 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013.01.10 14:51:10 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013.01.10 14:51:10 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2013.01.10 14:51:09 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013.01.10 14:51:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.01.10 14:50:55 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2013.01.10 14:50:55 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013.01.10 14:50:55 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013.01.10 14:50:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.01.10 14:50:48 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013.01.10 14:50:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2013.01.10 14:50:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.01.10 14:50:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.01.10 14:50:15 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2013.01.10 14:50:15 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.01.10 14:50:10 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.10 14:50:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.01.10 14:49:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.01 14:30:44 | 000,636,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.01 14:30:44 | 000,594,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.01 14:30:44 | 000,128,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.01 14:30:44 | 000,106,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.01 14:24:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.01 14:23:42 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.01 14:23:26 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 14:23:26 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 14:23:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.01 13:38:43 | 197,617,785 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.31 18:15:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.01.24 15:14:46 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | M] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.16 19:18:59 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.16 19:18:47 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 19:10:00 | 000,399,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 18:01:50 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013.01.09 18:01:49 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
 
========== Files Created - No Company Name ==========
 
[2013.01.28 17:40:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.28 17:40:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.28 17:40:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.28 17:40:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.28 17:40:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.24 15:14:46 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | C] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 17:21:34 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013.01.15 17:21:34 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013.01.15 17:21:34 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013.01.11 15:03:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.01.11 15:03:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013.01.11 15:03:38 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.11.14 19:40:44 | 000,093,184 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2012.11.14 19:40:42 | 000,067,584 | ---- | C] () -- C:\Windows\System32\MUILbnguageCleanup.exe
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.04.02 15:58:18 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012.01.13 20:39:22 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd
[2009.10.14 13:13:49 | 000,005,632 | ---- | C] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.14 16:27:33 | 000,002,032 | ---- | C] () -- C:\Users\root\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

Extras txt:

Code:

OTL Extras logfile created on: 01.02.2013 14:27:44 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\friedrich\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 68,07% Memory free
6,68 Gb Paging File | 5,65 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,87 Gb Free Space | 31,62% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Users\friedrich\AppData\Local\Programs\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DBA4D7-E0A6-4623-83B8-D8289F4125D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{074A46BE-3D7E-4C51-8C2D-2C9EBBD74BAB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{107F3AFD-F06B-4A36-A30C-2DCA16399FA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{15F95A58-2804-49A2-A49A-7006B42A4248}" = protocol=17 | dir=in | app=d:\programme\age of empires iii\age3y.exe |
"{18EE0ED8-5A2D-40A8-9356-B2B0C12C6D20}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{19E1788A-2782-44C1-9E1E-4F7114C9CFAE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{2014B15F-38A1-4D65-ABBC-4FBFA68404AC}" = protocol=6 | dir=in | app=d:\programme\age of empires iii\age3y.exe |
"{29FCFB39-11B0-4F23-82CD-3276E8E48CAA}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{2C5D4813-3CD6-4634-B48C-01E7D2183C11}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii public test.exe |
"{311F0E3D-52B0-40FD-8484-89D43E1434AE}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{32008C13-3F9A-4410-B95A-854B9872AFCA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3FF0BC38-5789-4FD2-98D4-4A342DF00E16}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{49876CFA-4099-4ED5-A234-EDBC943DFF79}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{51436184-5CAE-46C5-9EAB-33173638D178}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{57974567-67A5-43B4-BC2E-9E5804EA44D0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{5B2A256A-8D57-406A-9B75-179C516EC03D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{5C2B067C-482A-4EB8-8B45-726020DDB3DE}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{5F464852-6579-4FF0-A23D-D0DAD33478D4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{60EAAE31-D14E-48A8-B5C8-9FB8FBBB1FFD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{6804F685-AB72-48F8-8ABD-F35592F9CED3}" = protocol=17 | dir=in | app=d:\programme\age of empires iii\age3.exe |
"{69AED82B-BBF8-4341-AF87-FE7BDC176945}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii public test.exe |
"{7478AC4E-7852-4121-B729-763C1D67642F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{7CDC0C6B-4F0F-4B1D-98C5-5969C401E5CC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{7D5C3339-07B3-438B-AC70-0C32FD76AF1A}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe |
"{7F4478B7-B97E-4915-BDC6-059DBE30D216}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{8451A00D-D13A-4C7D-A76D-642789283AFA}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{8C0CD5D0-3185-43B3-8D43-575A2078BAAA}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{94F9DF85-CF53-44D6-95DA-9E864BCAE22F}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\civilization4.exe |
"{95A095C7-7B4A-4945-9FB9-632FC8EECF38}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{97E39C75-5E48-43D3-9AA4-5F226954BED8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{9EB7C7DE-3429-489C-BEB6-0C65E2A38625}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\civilization4.exe |
"{A17A549B-85A3-4E81-9611-4AE2D1E15782}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{A2A3433C-E75F-4375-8364-35EC780D5AEA}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{B02B42D5-E80F-4D25-84DC-5EE3B245390B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{B119D4F6-D384-4330-8B0F-A6C6669E826B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C07EF8C4-669B-48E3-80D2-E9BB8109DB90}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{C3760539-501E-4DB7-8F50-1DAE518AE34D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{C3D48FD4-4A86-4FBC-996E-523CD0600B91}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C90E0292-E186-45A0-9A19-FC8FBC66A98D}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe |
"{CF7F9990-C801-4990-9AC5-02992CF7EB76}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3EF1F86-8633-46D7-8C4D-382C64B6BAE0}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{D422D9B7-0A06-4321-AB71-EB8EA46774E0}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{D4D68E41-AD33-46ED-A7D4-256C5FEF1872}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D50EC150-AF28-4168-902C-2F380C3896ED}" = protocol=6 | dir=in | app=d:\programme\age of empires iii\age3.exe |
"{DB369733-6912-479C-B607-FB90ECE0C94C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DC55EFC5-AC90-42B0-991E-199F7CE5785B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E82395FC-5D30-4F95-AB1A-F74ED26706CE}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{EB580FA8-6077-4567-85AF-62119AFB9363}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{EC0FDFDE-659F-4E15-B099-F48809AE9912}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{ED43694A-FB80-4E90-A41A-2FA4655658CF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"TCP Query User{03CAA602-7C72-4D3C-A265-D7FCF7EFA1F5}D:\programme\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=d:\programme\star wars empire at war\gamedata\fpupdate.exe |
"TCP Query User{0BB19519-3DF4-45C3-86CC-AA3645EEF726}C:\users\olotu\downloads\tinyumbrella-4.1.13(2).exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\tinyumbrella-4.1.13(2).exe |
"TCP Query User{0D72D0C1-0357-442C-8FAA-16C4640F4C35}D:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe" = protocol=6 | dir=in | app=d:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"TCP Query User{1019E448-9539-4C6C-A54C-017C0EB88868}D:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=d:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"TCP Query User{1B252BD0-D4D9-4CAC-9925-193A325D2F02}D:\programme\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{2F60BBF9-A259-40B2-A5CC-5D5F4E670D14}D:\programme\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\programme\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{3071FF7E-ECD7-4700-8104-29955407219D}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{38E6B1DC-16FE-42AE-8043-471AF337A630}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{4930A45F-59C3-4660-829A-F8A3C1F6E665}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{5518C8B9-0BAE-4ED8-B4D6-C5426010B4B4}D:\programme\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{5DB8A1AC-4A6C-40F9-918E-AD187C90753C}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"TCP Query User{61726FC7-1174-4ACE-809C-F71B334C8F3B}C:\users\friedrich\downloads\tinyumbrella-4.1.13.exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13.exe |
"TCP Query User{6D19BB06-6F83-4C2B-91E7-484B4AC3FFF0}D:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{6E28EAB5-AFAE-4AE4-BD0F-D2B002CF8BEF}D:\programme\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{716848B8-CF7B-4857-BB9F-969A4504DD8D}C:\users\olotu\downloads\umbrella-4.00.19.exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\umbrella-4.00.19.exe |
"TCP Query User{7A8A88B0-26E8-4783-909C-8516B8D61713}C:\program files\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files\trackmania united\tmunited.exe |
"TCP Query User{938EA100-C31D-460D-AA3A-26094C4956E4}C:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe |
"TCP Query User{9C60C9DA-7225-4209-BEC7-66472DC1EEEB}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"TCP Query User{A8BA5F5A-59D7-4584-9207-A30374482865}D:\programme\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{B3D71FB7-3720-41F4-A19A-C717EE5979D0}C:\users\olotu\downloads\tinyumbrella-4.1.9-2.exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\tinyumbrella-4.1.9-2.exe |
"TCP Query User{C37EBBCE-8AB0-4A01-9570-39F293260110}D:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{C51AC5AE-CB7D-404A-8A9F-E9A99B565BB7}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{CAB054FB-F8C5-45A1-9D77-25CC26D66B45}C:\users\olotu\downloads\tinyumbrella-4.21.02.exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\tinyumbrella-4.21.02.exe |
"TCP Query User{CE6835A1-C47F-4CEC-B6D3-823D390AA38F}D:\programme\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{D8008F28-A88F-4130-942E-391E7737E2A1}C:\program files\codemasters\micromachines v4\mmv4.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\micromachines v4\mmv4.exe |
"TCP Query User{E03C791D-3253-4041-8A91-2F05FE82F3C3}D:\programme\star wars empire at war\gamedata\sweaw.exe" = protocol=6 | dir=in | app=d:\programme\star wars empire at war\gamedata\sweaw.exe |
"TCP Query User{E8FE2277-50E6-4FC8-B1E1-0B627CFF8154}D:\programme\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{F69BF1B8-0865-45CE-BCC8-93D472C02242}D:\programme\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\programme\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{FB5191E1-848B-4ABE-8D06-FF9890C34F02}D:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{00C72C85-73EA-4CFF-8957-742056D85FD3}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{1B14CD35-C09A-47EF-8EAD-6EC572CC2431}D:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{1BC477FE-44D1-487A-862D-FAF20F102119}D:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{1C0CF621-CA38-49F8-9243-3EBA55B4369C}C:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe |
"UDP Query User{1CFB6ECB-793D-4FC4-96CE-26EFFB9D001C}D:\programme\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{24EDB49A-DB69-46B2-AA64-4AA6F19194FC}D:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=d:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"UDP Query User{2CA55992-BE53-4FC0-A7C4-D9B1E33E7A5B}D:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{45B94ED5-7147-418B-B258-01F4569A7479}D:\programme\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{4EAEB2B6-DD77-4BBD-98D4-04A9B34EF005}C:\program files\codemasters\micromachines v4\mmv4.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\micromachines v4\mmv4.exe |
"UDP Query User{5CB419B6-B28D-4641-A01F-CFB7BA4B9218}D:\programme\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\programme\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{614D3CB8-7653-4CC5-B7C9-7FB357E58BB0}C:\users\friedrich\downloads\tinyumbrella-4.1.13.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13.exe |
"UDP Query User{63BF7350-13C1-46A1-A8A8-183095B41BE9}D:\programme\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=d:\programme\star wars empire at war\gamedata\fpupdate.exe |
"UDP Query User{696A42BE-3F25-45F3-B9D3-782427806897}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{6FED25C4-2F33-4D9E-BF68-B5E8D1A4ACD0}C:\program files\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files\trackmania united\tmunited.exe |
"UDP Query User{7100957D-F51A-4825-B36F-F745B890AB25}C:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe |
"UDP Query User{7DE24C23-DC4D-4B9B-9FE9-87452E9A090B}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{82D8156F-DDFA-4067-8FD6-4E1936A6F3D3}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"UDP Query User{83A0CD78-B9D1-4EE1-BDB8-402744BF0E19}D:\programme\star wars empire at war\gamedata\sweaw.exe" = protocol=17 | dir=in | app=d:\programme\star wars empire at war\gamedata\sweaw.exe |
"UDP Query User{886A3DB0-3615-4CE9-820E-4132F95EBEE8}D:\programme\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{A43340EF-E2E7-44FC-85E5-673F67AB67CB}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"UDP Query User{B5E99563-7110-48CB-8869-D314956EC2B3}D:\programme\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{BD41F4EC-A532-4DE9-8489-D235A052BBEA}D:\programme\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{C09A77E6-69A8-40D5-9725-5C10205BD0FD}C:\users\friedrich\downloads\tinyumbrella-4.21.02.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02.exe |
"UDP Query User{C38FF420-87F0-4ECB-95CC-84DDB970AE57}C:\users\friedrich\downloads\umbrella-4.00.19.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\umbrella-4.00.19.exe |
"UDP Query User{E8C68850-EB1F-4D1C-86DE-2D9C910AE512}D:\programme\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\programme\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{EE2B4C3C-89FB-49F9-B18F-2428B27A445A}D:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe" = protocol=17 | dir=in | app=d:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"UDP Query User{F4D46132-796C-4136-A7CC-B0AEF142904E}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"UDP Query User{FB770A3D-2576-4C56-8AC0-D24D1BEE89F4}C:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe |
"UDP Query User{FE4ED811-C3DC-4FE6-9578-FAB37173FCAD}D:\programme\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base18092\sc2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.60
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3AFD938F-D1FF-490A-9154-82774A9E977E}" = Sid Meier's Civilization 4
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBB21AB1-2C45-435D-A05A-B563072E7B9B}" = Xirrus Wi-Fi Inspector
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.7
"{DDABC667-56B3-4122-82B0-2F5782EA2F9A}" = SpyHunter
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Acrobat  8 Standard - English, Français, Deutsch" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DesktopIconAmazon" = Desktop Icon für Amazon
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfeeLiteScanner" = McAfee Scan and Repair 1.5.121
"MediaCoder" = MediaCoder 0.7.5.4762
"medionmusic-manager gold" = medionmusic-manager gold
"medionmusic-Suite" = medionmusic-Suite
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"ROCKS 'N' DIAMONDS" = ROCKS 'N' DIAMONDS 3.1.0
"SearchAnonymizer" = SearchAnonymizer
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"TmUnited_is1" = TrackMania United 0.2.0.8
"TSteroids" = TSteroids 1.2
"Tux Racer Win 32" = Tux Racer Win 32 0.61a
"Ultimat Steroids" = Ultimat Steroids 1.21
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.3.5
"XMedia Recode" = XMedia Recode 2.1.2.9
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = G-Filter
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.05d
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Opera 12.12.1707" = Opera 12.12
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.01.2013 09:11:18 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 17.01.2013 11:20:23 | Computer Name = computer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mbam.exe, Version 1.70.0.9, Zeitstempel 0x50a526ce,
 fehlerhaftes Modul ieframe.dll, Version 7.0.6001.18639, Zeitstempel 0x4db04613,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00027dd2,  Prozess-ID 0x13cc, Anwendungsstartzeit
 01cdf4c4b799b389.
 
Error - 18.01.2013 11:46:10 | Computer Name = computer | Source = EventSystem | ID = 4609
Description =
 
Error - 22.01.2013 13:24:12 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 24.01.2013 09:29:45 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 24.01.2013 09:29:54 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 24.01.2013 11:45:17 | Computer Name = computer | Source = Perflib | ID = 1010
Description =
 
Error - 27.01.2013 12:29:20 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
Error - 27.01.2013 12:31:49 | Computer Name = computer | Source = MsiInstaller | ID = 11609
Description =
 
Error - 28.01.2013 12:40:08 | Computer Name = computer | Source = System Restore | ID = 8193
Description =
 
[ System Events ]
Error - 31.01.2013 13:14:14 | Computer Name = computer | Source = Service Control Manager | ID = 7034
Description =
 
Error - 31.01.2013 13:14:15 | Computer Name = computer | Source = Service Control Manager | ID = 7031
Description =
 
Error - 31.01.2013 13:18:57 | Computer Name = computer | Source = HTTP | ID = 15016
Description =
 
Error - 31.01.2013 13:19:19 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description =
 
Error - 01.02.2013 08:32:22 | Computer Name = computer | Source = HTTP | ID = 15016
Description =
 
Error - 01.02.2013 08:33:09 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description =
 
Error - 01.02.2013 08:38:50 | Computer Name = computer | Source = HTTP | ID = 15016
Description =
 
Error - 01.02.2013 08:39:21 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description =
 
Error - 01.02.2013 09:23:23 | Computer Name = computer | Source = HTTP | ID = 15016
Description =
 
Error - 01.02.2013 09:23:50 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---

cosinus 01.02.2013 15:35

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


friedrich23 01.02.2013 19:12

Neither of them found anything

malwarebytes:

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.31.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
friedrich :: COMPUTER [limited]

01.02.2013 17:04:42
mbam-log-2013-02-01 (17-04-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202237
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

eset online scanner:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=5e600f3e38390742b9252fd91efdee15
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-01 06:01:48
# local_time=2013-02-01 07:01:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 513601 197274410 0 0
# scanned=203552
# found=0
# cleaned=0
# scan_time=6143

Many thanks already for your effort :D


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board

