Trojaner-Board - "BKA-Trojaner" Sperrschirm,Abgesicherter Modus funktioniert nicht!

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - "BKA-Trojaner" Sperrschirm,Abgesicherter Modus funktioniert nicht! (https://www.trojaner-board.de/143515-bka-trojaner-sperrschirm-abgesicherter-modus-funktioniert.html)

"BKA-Trojaner" Sperrschirm,Abgesicherter Modus funktioniert nicht!

Sehr geehrtes Trojaner-Board Team,

gestern nachmittag hat sich beim Surfen im Netz ein "BKA-Sperrbildschirm" aufgebaut und blockiert seit dem meinen Administrator-Account.Habe schon versucht einen der 3 abgesicherten Modi zu starten hatte aber keinen Erfolg.Der Gast-Account funktioniert noch ohne Probleme.Habe schon einen Suchdurchlauf mit *Malwarebytes Anti-Malware* durchgeführt.Leider habe ich ehrlich gesagt keine große Ahnung von trojaner/Virenbekämpfung. :o

Könnt ihr mir weiterhelfen? Vielen Dank schon mal im Voraus!!!

Hi,

MBAM sieht das BKA-Teil aus dem Gastaccount nicht..
Mach bitte einen FRST-Scan wie folgt:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Hi,

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013

Ran by SYSTEM on MININT-BP4CF4P on 24-10-2013 18:26:44

Running from K:\

Windows 7 Home Premium (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Recovery
 

The current controlset is ControlSet001
 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)

Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab)

HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [340456 2009-10-20] (Kaspersky Lab)

HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [346320 2009-08-04] (DeviceVM, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)

HKU\Steffen\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)

HKU\Steffen\...\Run: [Steam] - c:\program files (x86)\steam\steam.exe [1242448 2011-03-24] (Valve Corporation)

HKU\Steffen\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent

AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll [15376 2010-04-06] (Kaspersky Lab)

AppInit_DLLs-x32: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll [72208 2010-04-06] (Kaspersky Lab)
 

==================== Services (Whitelisted) =================
 

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [340456 2009-10-20] (Kaspersky Lab)

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)

S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-01-03] ()

S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2009-07-14] (Microsoft Corporation)

S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29262680 2009-05-27] (Microsoft Corporation)

S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-06-16] ()

S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2010-09-04] ()

S3 ioatdma1; C:\Windows\System32\Drivers\qd160x64.sys [40072 2008-01-18] (Intel Corporation)

S1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)

S0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)

S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [353296 2010-04-06] (Kaspersky Lab)

S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-09-14] (Kaspersky Lab)

S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)

S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2010-04-26] ()

S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology)

S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [15872 2005-08-10] (Protection Technology)

S3 gdrv; \??\C:\Windows\gdrv.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-24 18:26 - 2013-10-24 18:26 - 00000000 ____D C:\FRST

2013-10-05 21:55 - 2013-10-05 22:21 - 00000000 ____D C:\gamedata
 

==================== One Month Modified Files and Folders =======
 

2013-10-24 18:26 - 2013-10-24 18:26 - 00000000 ____D C:\FRST

2013-10-23 07:43 - 2010-04-06 17:16 - 00000000 ____D C:\Users\Steffen\Desktop\Krempel

2013-10-16 21:03 - 2013-09-11 21:17 - 00000000 ____D C:\S.T.A.L.K.E.R. - Shadow of Chernobyl

2013-10-05 22:21 - 2013-10-05 21:55 - 00000000 ____D C:\gamedata
 

Some content of TEMP:

====================

C:\Users\Steffen\AppData\Local\Temp\binkw32.dll

C:\Users\Steffen\AppData\Local\Temp\CH.dll

C:\Users\Steffen\AppData\Local\Temp\d2l_Install.exe

C:\Users\Steffen\AppData\Local\Temp\d2l_PlayD2.exe

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7330014.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7340014.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7350008.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7370014.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7400006.dll

C:\Users\Steffen\AppData\Local\Temp\IcqUpdater.exe

C:\Users\Steffen\AppData\Local\Temp\SIntf16.dll

C:\Users\Steffen\AppData\Local\Temp\SIntf32.dll

C:\Users\Steffen\AppData\Local\Temp\SIntfNT.dll

C:\Users\Steffen\AppData\Local\Temp\war3_Install.exe

C:\Users\Steffen\AppData\Local\Temp\_is22FB.exe

C:\Users\Steffen\AppData\Local\Temp\_is2722.exe

C:\Users\Steffen\AppData\Local\Temp\_is36C9.exe

C:\Users\Steffen\AppData\Local\Temp\_is39B8.exe

C:\Users\Steffen\AppData\Local\Temp\_is41C0.exe

C:\Users\Steffen\AppData\Local\Temp\_is4252.exe

C:\Users\Steffen\AppData\Local\Temp\_is4A48.exe

C:\Users\Steffen\AppData\Local\Temp\_is4C04.exe

C:\Users\Steffen\AppData\Local\Temp\_is6D56.exe

C:\Users\Steffen\AppData\Local\Temp\_is76E4.exe

C:\Users\Steffen\AppData\Local\Temp\_is7DA7.exe

C:\Users\Steffen\AppData\Local\Temp\_is828A.exe

C:\Users\Steffen\AppData\Local\Temp\_is864F.exe

C:\Users\Steffen\AppData\Local\Temp\_is955F.exe

C:\Users\Steffen\AppData\Local\Temp\_is9C34.exe

C:\Users\Steffen\AppData\Local\Temp\_isA540.exe

C:\Users\Steffen\AppData\Local\Temp\_isA61B.exe

C:\Users\Steffen\AppData\Local\Temp\_isA68B.exe

C:\Users\Steffen\AppData\Local\Temp\_isB01C.exe

C:\Users\Steffen\AppData\Local\Temp\_isBFA7.exe

C:\Users\Steffen\AppData\Local\Temp\_isC3AC.exe

C:\Users\Steffen\AppData\Local\Temp\_isCE18.exe

C:\Users\Steffen\AppData\Local\Temp\_isE4B6.exe

C:\Users\Steffen\AppData\Local\Temp\_isF0D.exe
 
 

==================== Known DLLs (Whitelisted) ================
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 14%

Total physical RAM: 4059.49 MB

Available physical RAM: 3488.51 MB

Total Pagefile: 4057.64 MB

Available Pagefile: 3485.71 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB
 

==================== Drives ================================
 

Drive c: (System) (Fixed) (Total:100 GB) (Free:27.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Daten) (Fixed) (Total:831.51 GB) (Free:25.79 GB) NTFS

Drive f: (EAWX_1) (CDROM) (Total:1.42 GB) (Free:0 GB) UDF

Drive k: (INTENSO) (Removable) (Total:14.73 GB) (Free:14.73 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0C19B2D7)

Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=832 GB) - (Type=07 NTFS)
 

========================================================

Disk: 5 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 

LastRegBack: 2010-09-18 08:07
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Hi,

dein befallenes Admin-Konto heisst "Steffen"?
Versuch bitte mal den folgenden Fix. Ist der Rechner dann bei einem Neustart immer noch gesperrt?

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\Users\Steffen\AppData\Local\Temp\*.exe

C:\Users\Steffen\AppData\Local\Temp\*.dll

C:\Users\Steffen\AppData\Local\Temp\*

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Morgen!

Das Administrator-Konto "Steffen" ist immer noch blockiert!

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013

Ran by SYSTEM at 2013-10-25 08:59:27 Run:1

Running from K:\

Boot Mode: Recovery

==============================================
 

Content of fixlist:

*****************

C:\Users\Steffen\AppData\Local\Temp\*.exe

C:\Users\Steffen\AppData\Local\Temp\*.dll

C:\Users\Steffen\AppData\Local\Temp\*
 

*****************
 

C:\Users\Steffen\AppData\Local\Temp\*.exe => Moved successfully.

C:\Users\Steffen\AppData\Local\Temp\*.dll => Moved successfully.

"C:\Users\Steffen\AppData\Local\Temp\*" => Could not move.
 

==== End of Fixlog ====

Ok, dann mal schauen, was OTLpe sieht:

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade

OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Bebilderte Anleitung: OTLpe-Scan

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

Okay das werde ich versuchen!!

Gibts es auch noch eine andere Methode? Weil ich erst Ende nächster Woche wieder Zugriff auf einen Pc mit Brenner habe.

Trotzdem Danke!! :)

Ja wir können gerne noch ein paar andere Sachen probieren.
Ich hab eben bisher weder im MBAM- noch im FRST-Log die Malware ausmachen können.

Logge dich ins befallene Admin-Konto ein. Dann drücke CTRL + ALT + DEL, um den Taskmanager aufzurufen. Wähle Benutzer wechseln (nicht abmelden!) und melde dich dann im Gast-Konto an. Mach dann dort einen OTL-Scan wie folgt (der Haken bei "Scan all Users" ist wichtig):

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

Okay!
Gesagt getan :)

Code:

OTL logfile created on: 25.10.2013 12:15:50 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gast\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,96 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,34% Memory free

7,93 Gb Paging File | 6,44 Gb Available in Paging File | 81,29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 831,51 Gb Total Space | 25,57 Gb Free Space | 3,08% Space Free | Partition Type: NTFS

Drive D: | 100,00 Gb Total Space | 27,31 Gb Free Space | 27,31% Space Free | Partition Type: NTFS

Drive H: | 14,73 Gb Total Space | 14,73 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

 

Computer Name: STEFFEN-PC | User Name: Gast | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.10.25 12:14:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe

PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2011.10.03 17:59:22 | 000,204,288 | ---- | M] (AMD) [Auto | Unknown] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (nsi)

SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (NlaSvc)

SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (lmhosts)

SRV:64bit: - [2009.07.14 03:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Unknown] -- C:\Windows\SysNative\ADIDTSFiltService.dll -- (idebusdr)

SRV - [2013.10.09 10:45:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.10.02 09:10:59 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Unknown] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)

SRV - [2013.09.21 20:35:00 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013.07.04 18:32:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Unknown] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Unknown] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013.02.09 13:20:32 | 000,076,888 | ---- | M] () [Auto | Unknown] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012.09.05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Unknown] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)

SRV - [2010.04.16 17:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Unknown] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\Rtlservice.exe -- (Realtek11nSU)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013.10.02 09:10:59 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2013.08.10 01:14:19 | 000,088,480 | ---- | M] () [Kernel | Auto | Unknown] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2013.08.10 01:14:19 | 000,046,400 | ---- | M] () [Kernel | Auto | Unknown] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.03 18:56:42 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.10.03 17:22:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.08 11:50:48 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.05.12 11:29:56 | 000,692,768 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)

DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Unknown] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 

IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 00 20 D1 F7 CF CE 01  [binary data]

IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE422

IE - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 [2013.10.02 09:13:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox [2013.10.23 21:57:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2013.07.04 18:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.07.04 18:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013.07.04 18:32:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013.05.21 12:11:26 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

 
 ========== Chrome  ==========

 

CHR - Extension: No name found = C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\

 

Hosts file not found

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Plus-HD-2.3) - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

O2 - BHO: (DealPly Shopping) - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

O3:64bit: - HKU\S-1-5-21-3988711392-2741257696-3300269237-501\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4 - HKLM..\Run: [1TRi7sGavqT.exe] "C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe" File not found

O4 - HKLM..\Run: [lF40kc2sqeD.exe] "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" File not found

O4 - HKLM..\Run: [SSoonrEj.exe] "C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe" File not found

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKU\S-1-5-21-3988711392-2741257696-3300269237-501..\Run: [Qyaxseacha] C:\Users\Gast\AppData\Roaming\Yhud\olepf.exe (X-Ways Software Technology AG)

O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FBE6C14-58BA-4736-86BC-DBDACE14FC23}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)

O20 - AppInit_DLLs: (c:\progra~4\bitguard\261694~1.246\{c16c1~1\bitguard.dll) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ijeluxa: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\ijeluxa.dll) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: idebusdr - C:\Windows\SysNative\ADIDTSFiltService.dll (Oak Technology Inc.)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.10.25 12:14:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe

[2013.10.25 10:23:47 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Gast\Desktop\OTLPENet.exe

[2013.10.25 08:34:22 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Local\AVG Secure Search

[2013.10.24 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Yhud

[2013.10.24 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Guux

[2013.10.24 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Abymeb

[2013.10.24 16:25:55 | 000,000,000 | ---D | C] -- C:\Users\Gast\Desktop\Neuer Ordner

[2013.10.24 14:59:28 | 000,000,000 | ---D | C] -- C:\Users\Gast\mbar

[2013.10.24 14:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle

[2013.10.24 09:04:59 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Local\Diagnostics

[2013.10.24 08:39:53 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Petroglyph

[2013.10.23 21:20:34 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\WinRAR

[2013.10.23 19:02:44 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2013.10.23 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Local\Adobe

[2013.10.23 15:57:44 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Macromedia

[2013.10.23 15:57:42 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Adobe

[2013.10.23 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Google

[2013.10.23 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Local\Google

[2013.10.23 15:52:00 | 000,000,000 | ---D | C] -- C:\Users\Gast\AppData\Roaming\Malwarebytes

[2013.10.23 08:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge

[2013.10.08 12:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder

[2013.10.05 12:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Centurion - Defender of Rome

[2013.09.26 20:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2013.09.26 20:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2013.09.26 20:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2013.09.26 20:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2013.09.26 20:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2013.09.26 20:43:04 | 000,000,000 | ---D | C] -- C:\AMD

[2013.09.25 20:45:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.10.25 12:14:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gast\Desktop\OTL.exe

[2013.10.25 10:25:32 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Gast\Desktop\OTLPENet.exe

[2013.10.25 10:20:47 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.10.25 10:20:47 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.10.25 10:12:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.10.25 10:12:28 | 3192,512,512 | -HS- | M] () -- C:\hiberfil.sys

[2013.10.25 10:09:09 | 385,355,457 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013.10.24 18:03:38 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.10.24 18:03:38 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.10.24 18:03:38 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.10.24 18:03:38 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.10.24 18:03:38 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.10.24 08:37:14 | 000,027,648 | ---- | M] () -- C:\Users\Gast\Desktop\ModLauncher.exe

[2013.10.23 22:26:42 | 000,055,955 | ---- | M] () -- C:\Users\Gast\Desktop\iceland_president_bail_out_people_jail_banksters_meme.jpg

[2013.10.23 21:13:33 | 000,006,144 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl

[2013.10.23 17:56:02 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

[2013.10.22 22:43:02 | 000,321,536 | ---- | M] () -- C:\ProgramData\MXJ5mE8ZNh

[2013.10.22 14:05:12 | 000,006,633 | ---- | M] () -- C:\Users\Public\Documents\stalke~1.ltx

[2013.10.18 10:25:00 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.10.09 10:45:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.10.09 10:45:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.10.06 16:28:39 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013.10.05 23:09:22 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk

[2013.10.02 09:13:04 | 000,003,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

[2013.10.02 09:10:59 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2013.09.28 23:11:56 | 000,414,241 | ---- | M] () -- C:\Uninstall.ini

[2013.09.28 23:11:56 | 000,273,164 | ---- | M] () -- C:\Uninstall.exe

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.10.24 08:37:14 | 000,027,648 | ---- | C] () -- C:\Users\Gast\Desktop\ModLauncher.exe

[2013.10.23 22:27:00 | 000,055,955 | ---- | C] () -- C:\Users\Gast\Desktop\iceland_president_bail_out_people_jail_banksters_meme.jpg

[2013.10.23 17:28:28 | 385,355,457 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013.10.22 22:43:12 | 000,321,536 | ---- | C] () -- C:\ProgramData\MXJ5mE8ZNh

[2013.10.06 16:28:37 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013.09.28 23:11:56 | 000,414,241 | ---- | C] () -- C:\Uninstall.ini

[2013.09.25 20:56:37 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk

[2013.08.31 00:00:42 | 000,000,165 | ---- | C] () -- C:\ProgramData\ssmymagwwxdmyyqkkfu.reg

[2013.08.31 00:00:42 | 000,000,070 | ---- | C] () -- C:\ProgramData\ssmymagwwxdmyyqkkfu.bat

[2013.08.17 09:28:21 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2013.06.27 10:12:02 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

[2012.11.30 22:19:34 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2012.11.27 00:48:34 | 000,000,115 | ---- | C] () -- C:\Windows\disney.ini

[2012.11.24 16:40:31 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2012.09.01 14:55:04 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012.07.12 19:26:51 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI

[2012.07.04 17:36:20 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll

[2012.02.04 17:16:53 | 000,000,112 | ---- | C] () -- C:\ProgramData\exCKK8Qm.dat

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[2013.10.25 10:12:33 | 000,004,096 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini

[2013.10.25 10:12:33 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Files - Unicode (All) ==========

(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.T.A.L.K.E.R_?????? ???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.T.A.L.K.E.R_Смерти вопреки

 
 ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
 

< End of report >

Code:

OTL Extras logfile created on: 25.10.2013 12:15:50 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gast\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,96 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,34% Memory free

7,93 Gb Paging File | 6,44 Gb Available in Paging File | 81,29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 831,51 Gb Total Space | 25,57 Gb Free Space | 3,08% Space Free | Partition Type: NTFS

Drive D: | 100,00 Gb Total Space | 27,31 Gb Free Space | 27,31% Space Free | Partition Type: NTFS

Drive H: | 14,73 Gb Total Space | 14,73 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

 

Computer Name: STEFFEN-PC | User Name: Gast | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Users\Steffen\AppData\Roaming\File Scout\filescout.exe" /open "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Users\Steffen\AppData\Roaming\File Scout\filescout.exe" /open "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A9FB13B-1151-4B2C-9C47-371B036033E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{16198DD0-0488-4059-AB8C-770CC3CDF0DF}" = rport=445 | protocol=6 | dir=out | app=system | 

"{34174211-BE07-4DAF-9863-789C11B5BC52}" = lport=445 | protocol=6 | dir=in | app=system | 

"{4B8C3FEB-83D8-4E55-BECA-43AA5F6EA9B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{52E23EFC-C7A6-4584-B764-F5FECC70F62D}" = rport=139 | protocol=6 | dir=out | app=system | 

"{63580EE8-2CA3-4068-AFFB-36F52271C356}" = lport=138 | protocol=17 | dir=in | app=system | 

"{65FF00DD-B1B1-45ED-AB2E-E7F033F0B091}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{7F080ED9-4A7F-4CDF-9138-FFBFF5C2319A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{8AD5F47A-9B01-4897-A306-3E07992C6598}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{91C7F510-1257-4113-A23B-9751B5F902D3}" = rport=138 | protocol=17 | dir=out | app=system | 

"{9FDBA7B6-EACA-4ED5-AB0E-9D001FF86487}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{AADF9A5C-EA5F-483A-947D-9922D2EB41B3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{ABEC3B41-CCA1-4AE2-B69C-1D202C74F28D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B4448F81-77AF-4C9A-8323-03AB11A0FA0E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{BD7E2435-3D6B-427F-94C3-A9545CAE5461}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{C16CE4D8-5E09-4D3B-99BC-AF9494EC9253}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{C58F16E8-E554-4762-AED4-8619287079D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{C9AEE361-ADF3-4C51-B6A0-9A461AE7F33E}" = lport=137 | protocol=17 | dir=in | app=system | 

"{CEFED19B-0DB2-4048-81F2-1D33071AEBF9}" = lport=139 | protocol=6 | dir=in | app=system | 

"{DC6013BC-030F-46B0-95EF-BBD68626C54C}" = rport=137 | protocol=17 | dir=out | app=system | 

"{E6A8D1E2-96A0-4D7B-8FBD-784F18AB3D65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{EDCBFDB7-1385-4B25-9042-88A53104854B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0076D65C-280A-4FAD-9946-C7BA4E796731}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | 

"{00D1028F-259D-4A31-B56B-5F5AF7ACF726}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 

"{0224DC22-A161-4B39-BA11-3435898BF959}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 

"{06417546-1CE9-4E3C-B977-55BB8FDB07AB}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2 demo\masseffect2launcher.exe | 

"{11AD437A-5FB4-493F-B450-5A3369DC7756}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{123E870D-858B-4176-B66F-973B291077C5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 

"{15FF4887-A1E8-4DFE-B6FB-4F1F51469450}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2 demo\masseffect2launcher.exe | 

"{18664680-8C82-4D86-98FE-F72AB939F9D3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 

"{1AE09B4D-B5FC-4DA8-8845-923589FA3585}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 

"{1B513430-68FB-4C0A-AEE6-D1C210C6A7BA}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 

"{22385D00-6E4B-4A2D-A6AC-ABF69A4823E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{25B43B6D-A64A-443E-927F-46CE63CB2624}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 

"{28C6710B-3766-4D06-89D3-88D4C577CCD3}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 

"{2A2F913F-50EA-423F-8AF4-369ABFB71A91}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | 

"{2A49E2F3-9597-4567-9644-CDD823D99BF1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{2A874E56-E5A0-406F-9925-E8BB9534AE06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 

"{332E7346-C6E0-478C-810B-0FE801F6B277}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{39423D12-8F47-43F0-9159-CE4E8090229D}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | 

"{3AC13C39-0398-4093-80C5-739DABC00C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 

"{3E25AF89-8150-489E-9B9A-35FA986ABF10}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 

"{3EC813AB-EE4A-4076-B7DB-CBB79CE97964}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 

"{41C2F085-79BC-4AD5-90BF-E04FA0CCD400}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 

"{44623131-462C-4462-9BB1-820CC7FBF790}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe | 

"{50FDDF7E-B527-42AF-873B-4EF454F8E334}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | 

"{51CF650E-D739-41B6-A4C0-AC8F028633AB}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | 

"{528015C7-2F2A-4747-A295-C9487270364C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. demo\ruse.exe | 

"{5469A13B-9290-4735-9ED0-CF4EC6DA2D23}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 

"{56C2F9B3-5F35-414E-950A-138F73E661F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine demo\spacemarine.exe | 

"{586D735E-1FD2-424E-B49A-5DF1966F2C94}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 

"{5A4AB6E5-914F-426D-82B7-0577950BD7EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{5D981AF7-1359-461E-B843-4542ADE61285}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{5E5139BA-CE6A-4716-B34C-8DB08972C2C1}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 

"{602D127D-F910-405C-8B46-362863E3B778}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 

"{608BDF93-DA9C-4599-9DC6-82C6FD18082D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe | 

"{6358E2E1-1C89-4968-8C19-584A8AC8DACE}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | 

"{67A2CD15-60FE-478C-BEDA-60B2FD38DE8C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{6BDCC4D3-18A9-4041-9077-23B375FC9554}" = protocol=6 | dir=in | app=c:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe | 

"{6CD75F8E-C5C7-4492-9761-BAE985046C98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe | 

"{7057A9E3-B83C-40D6-8579-CDFA28D237F7}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 

"{7CEDCAF0-DB19-4BAA-9E4B-5CEE77F6D69E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{7F63E617-1D3C-4818-9E5F-CFFC13BB2A2E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{7F8F3C50-B55C-4418-933E-40367D0A5C46}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe | 

"{843668C5-181A-4B80-BA56-C859243264DC}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 

"{864D99BA-CD94-4073-AEF0-8BC754B3741E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{87AF4317-EAD8-4065-B8B4-6B388C985C92}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2 demo\binaries\masseffect2.exe | 

"{8C6DDB63-DF98-4866-A1E3-5654A8B410CE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{8F6A4C78-1295-43DB-B505-87D13B46BB70}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{90798588-A7DA-4868-A27D-06BEDA2C81AD}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | 

"{9647E502-57AC-4CB6-AD56-12295F914F53}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | 

"{965BE9AC-9001-4FFF-A218-D220E0269BA6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{9B0CE3D0-FF91-4D3C-8F01-97123619C821}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2 demo\binaries\masseffect2.exe | 

"{9E0C4252-9E45-401D-A496-40F8E474A629}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe | 

"{9ED2FC33-42FA-409D-9EF1-0B33412F6203}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 

"{9F4B1098-3212-4599-B4BA-A18A667F2598}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault\uawea.exe | 

"{9F7574CA-FB1D-4E82-9006-DFAEDDA05555}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | 

"{A3512023-7056-4701-8BF8-E0680C751D7B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe | 

"{A44D88D2-56B8-4C56-8213-069B48A8390C}" = protocol=17 | dir=in | app=c:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe | 

"{A4A5F3A3-1F0D-476E-8893-114742820821}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. demo\ruse.exe | 

"{A5E67B03-70DB-4662-B9BC-07E1D617EFB0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{A64277D5-CF5B-4E55-A00B-E4FE3BBCB9C8}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 

"{A87C2CE2-C04A-49A8-9547-09E35EF51FC1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 

"{B4328495-3A39-4436-8185-CD44961035BB}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault\uawea.exe | 

"{BE045FD5-EDB3-4E37-8A09-C37AFA4586B3}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 

"{BEB9132B-14CD-47AA-B170-4806BB42B94F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{BEF84E59-E145-4B24-B8EC-6CEBFB65E4A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{BF968156-ABED-4A90-AF8E-75EBABAF051C}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 

"{BFE0CED4-C50C-49F7-9CA1-3DF2828A5387}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | 

"{C05BA984-6E77-4F02-AE0A-17CCC52B562E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{C382C00D-1C01-47B0-9213-4BA6F3F4CDE3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 

"{C8B4F9DB-2402-436B-AADE-DA008AC05534}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe | 

"{CF67D649-74CA-4D41-95C8-A642FD47DD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe | 

"{CFFD61CA-5B42-4372-8F80-60E19746DEA5}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | 

"{D6249236-07AA-41FF-A3EB-BB5624730F05}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe | 

"{D76DCE6D-7338-437B-8EC0-C25DEFE86E98}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 

"{D9DA1ACE-AD35-490B-987A-E0C3BAE75C31}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 

"{DAF73498-8022-4C06-A022-28316436715C}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 

"{DB09C4C4-34C3-475D-AB49-2EF1B58B84DA}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | 

"{DC22A324-D58C-4956-945F-3037E165A5DC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 

"{DC620B26-66EE-48FD-8E36-165BE38648BE}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 

"{DFE77AE2-7399-4BA9-94FC-9266CD7E4BFB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe | 

"{E2C5BB94-C83E-4DBE-8395-3D582177D7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 

"{E5E9FDAB-E3DA-410D-A232-8DF6C6085C7B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe | 

"{E64B3BCB-CBE8-4820-9DF5-B569D879FC5F}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 

"{E73A9918-24AE-4C91-B9F6-3EC6D474EAB5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe | 

"{E914FC70-09FE-43A4-85DF-76DE9A2B1511}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 

"{E984ED0A-957F-4E96-AA0A-76DEA174BB71}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 

"{EEB63646-E60C-4555-95D1-2846C06CE17C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 

"{F6555EDA-2191-4411-B203-C35D078B4BB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 

"{F7655D6D-355E-44DA-853C-A7B6F4616F9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine demo\spacemarine.exe | 

"{F78B913C-D5A6-49A5-BB97-0DD4FE63538B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe | 

"{F9FBFAD2-2AB0-466F-B846-063AA72A2094}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 

"TCP Query User{059645BA-1F00-4FC3-B492-C7D3B2406B76}C:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\b0hp8643\download[1].exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\b0hp8643\download[1].exe | 

"TCP Query User{453A4EC6-8D3F-4EEB-BBAB-B1B1462E7834}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 

"TCP Query User{7353496C-5752-4DE1-BC75-5C1C9EF8EEEA}C:\users\steffen\desktop\krempel\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\krempel\starcraft_2_eu_de-de.exe | 

"TCP Query User{7CAD1085-9014-4DE1-AAE2-E24CD1E7805E}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 

"TCP Query User{8972FFD0-6206-417F-A590-110023CDBD60}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 

"TCP Query User{8DA69ACC-3F37-462F-87BB-6D8CD8001425}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 

"TCP Query User{9BA2BCF7-18E0-4B3F-87D6-DC998E308907}C:\ mechwarrior 4\mw4mercs.exe" = protocol=6 | dir=in | app=c:\ mechwarrior 4\mw4mercs.exe | 

"TCP Query User{9E4A0FE9-1745-4B49-A569-260E8F37AD83}C:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\2jw4a73k\download[1].exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\2jw4a73k\download[1].exe | 

"TCP Query User{9F72CCB3-8D95-428D-BE55-6975BA1247C7}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 

"TCP Query User{A6FE6694-9CA3-4C6B-8A76-BEBB11CC10C1}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 

"TCP Query User{ADB52803-2F52-4728-AD83-C517E386CC14}C:\users\steffen\desktop\starcraft_2_eu_de-de(2).exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\starcraft_2_eu_de-de(2).exe | 

"TCP Query User{D67178D7-CE0E-4AC4-9838-DEE9F6ACF334}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 

"TCP Query User{EC2B6683-FE4B-469C-9239-CEE563830BD1}C:\program files (x86)\oldgames\dune 2000\dune2000.dat" = protocol=6 | dir=in | app=c:\program files (x86)\oldgames\dune 2000\dune2000.dat | 

"UDP Query User{15B1AA19-7658-4190-88F2-4AD2FCC1ADE2}C:\program files (x86)\oldgames\dune 2000\dune2000.dat" = protocol=17 | dir=in | app=c:\program files (x86)\oldgames\dune 2000\dune2000.dat | 

"UDP Query User{2AF69C6E-8483-45E4-BF79-3D951885B34A}C:\users\steffen\desktop\krempel\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\krempel\starcraft_2_eu_de-de.exe | 

"UDP Query User{3E056F6E-DAC1-4C9A-AAF3-0702D3F44A57}C:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\2jw4a73k\download[1].exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\2jw4a73k\download[1].exe | 

"UDP Query User{424030DE-1643-430D-8FB2-6B8738B81DF5}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 

"UDP Query User{61868016-D3B5-4FAF-9E8D-0AAD4608B6FF}C:\ mechwarrior 4\mw4mercs.exe" = protocol=17 | dir=in | app=c:\ mechwarrior 4\mw4mercs.exe | 

"UDP Query User{8950B73E-05D5-4D3D-B235-3425CC634B02}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe | 

"UDP Query User{BA7B57CB-D063-4E3D-A098-2DD33532DC96}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 

"UDP Query User{C8B14292-1F1F-4033-B67F-5B258A7854AD}C:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\b0hp8643\download[1].exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\local\microsoft\windows\temporary internet files\content.ie5\b0hp8643\download[1].exe | 

"UDP Query User{D3A36D4E-EF2F-4CA5-8619-59F46F4358A0}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 

"UDP Query User{D783FF1C-A23A-4D48-B61D-19B5E7EEE385}C:\users\steffen\desktop\starcraft_2_eu_de-de(2).exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\starcraft_2_eu_de-de(2).exe | 

"UDP Query User{E3327638-581E-4881-9D56-E2406BC53FDC}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 

"UDP Query User{F31CE2BC-4E59-4805-8B5B-D73B36F59AF7}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 

"UDP Query User{FF3C2601-93B5-41A8-9C92-48F44DD92F82}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{2364CFB2-935A-C838-AA5A-774FEC1E588D}" = ccc-utility64

"{26A24AE4-039D-4CA4-87B4-2F86416037FF}" = Java(TM) 6 Update 37 (64-bit)

"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6F89043A-D077-E434-FCDF-9D7179BE737A}" = AMD Media Foundation Decoders

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.051

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BDAF38DA-C834-6D42-B314-B97BB214E140}" = AMD Drag and Drop Transcoding

"{EDF6B241-8C7B-E74C-A387-5603C41AEEAA}" = AMD AVIVO64 Codecs

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F7303166-C685-DCF3-5DE4-3CDA117DCEFF}" = AMD Catalyst Install Manager

"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05757DB5-6E9F-97E2-111F-DA2B6E75290F}" = CCC Help Chinese Traditional

"{0983F01E-51B9-AB95-A359-4EA7E06A3B8E}" = CCC Help Korean

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{136E21EB-B3DC-A814-E7FC-EF9D1DC81689}" = CCC Help Hungarian

"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BitGuard

"{17FAA4AF-EB06-0050-D3B1-9F1747B9E4AA}" = CCC Help Swedish

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding

"{1A837B5C-AC31-2F10-DE76-E019DA223EDC}" = Catalyst Control Center Localization All

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1F3630F5-C636-49FF-9BF0-F9E2A221E60B}" = Republic at War 1.1.5

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander

"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}" = Star Trek Legacy

"{29D84B61-2248-564D-4255-573E3825ED97}" = Catalyst Control Center

"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3C9EAF02-35EA-4568-B317-65367828F2CD}_is1" = Geonezis addon for SGM 2.0, âåðñèÿ 2.0

"{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO

"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]

"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4

"{450A2869-616A-48C6-ECCC-59636695F35D}" = CCC Help Danish

"{4912B33D-2F49-5626-103B-6E1F01A82FD3}" = CCC Help Portuguese

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{52516A9C-C9DE-6745-DB13-D9628EB99D12}" = CCC Help Turkish

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{5504E94C-35E0-45EB-9E62-A5EA9281CF1D}_is1" = The Cursed Zone (BETA) version 1.0

"{57E489DE-46DB-2546-EA42-FB0D704559BE}" = Catalyst Control Center InstallProxy

"{59BB3D25-77C9-EDBC-FF56-5952567BD070}" = CCC Help Thai

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X

"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0

"{73BFA936-50E9-0DF6-ADE1-2B22FEDF1C29}" = CCC Help Finnish

"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B2F67C8-C4AC-9093-A94C-CD89566740A7}" = CCC Help Chinese Standard

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility

"{A1459FB6-CCF0-4A18-A6FD-9633B297BC57}_is1" = BlackOps: Unleashed Unitpack 1

"{A1AE7AED-A090-0CD8-BE77-5EE59218F994}" = CCC Help Greek

"{A1C29F65-FA94-88FA-7716-71C842050A19}" = CCC Help Spanish

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5

"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1

"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War

"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C38F5ADE-EA15-147A-1539-FB9E48F544B5}" = CCC Help English

"{C4B3B964-173A-2324-D28E-D222026486F7}" = CCC Help Norwegian

"{C6369A55-984D-806C-5725-1A9F663DCCE8}" = CCC Help Czech

"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion

"{C8F3F9A3-5FD9-463A-939D-946C87B26A75}_is1" = Faction Fronts Clear Sky 1.2.3

"{CA9DAC4A-ADB2-B128-FD79-86DCE24FB8D3}" = CCC Help Italian

"{CB713051-DE08-4700-B43F-6853BE1C35E3}_is1" = ARS Call of Pripyat Mod 0.5

"{CCE4DF4E-0EBE-4380-9F5F-A4762D7FC296}" = Unstoppable Gorg Demo

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia

"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4

"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge

"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DB3812C4-8ECB-4151-6256-CE86C52067C1}" = CCC Help German

"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E27E5F62-7AB0-3789-56EF-5774482E4DC8}" = CCC Help Russian

"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3

"{E3CA67A5-53E8-602E-D17A-45EFDE3DDD53}" = HydraVision

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E78B0798-2AD2-25FC-F3F9-C8E4A1131630}" = CCC Help French

"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

"{E8A606FD-B650-34EE-164E-F6A9FAC38421}" = CCC Help Japanese

"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EF0407CF-760A-46CC-EE33-43CFDCE0FCE5}" = Catalyst Control Center Graphics Previews Common

"{EF175304-DE47-65A8-3D7C-4C78EF05976C}" = CCC Help Polish

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F60DDBEA-DCF6-BC00-5B7B-A5253CEFBAC0}" = CCC Help Dutch

"{F6D7FFA6-7DE4-491C-B80F-800FF456CD7E}" = Star Wars Galactic Battlegrounds Trial

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FC4E0C7A-BF41-4213-8183-20FB3188B621}_is1" = S.T.A.L.K.E.R.: Ïóòü â Íèêóäà version 1.1

"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"«Sigerous Mod äëÿ ÇÏ»_is1" = «Sigerous Mod v2.1»

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Alliance 4.7B_is1" = Alliance4.7B

"Alliance Star Trek TOS 2.0_is1" = AllianceSTTOS2.0

"AllianceCW 0.5B_is1" = AllianceCW0.5B

"AllianceSTTOS1.0X_is1" = AllianceSTTOS1.0X

"AVG Secure Search" = AVG Security Toolbar

"Awakening of the Rebellion - Return of the Gameplay" = Awakening of the Rebellion - Return of the Gameplay 1.1 

"Awakening of the Rebellion 2.05" = Awakening of the Rebellion 2.05

"Awakening of the Rebellion2.5 RC-9d" = Awakening of the Rebellion

"Battleships Forever_is1" = Battleships Forever v0.90d

"BattlEye for A2" = BattlEye Uninstall

"Centurion - Defender of Rome_is1" = Centurion - Defender of Rome

"Dawn of War II - Destroyer 40k" = Dawn of War II - Destroyer 40k

"DealPly" = DealPly (remove only)

"Delta Chrome Toolbar" = Delta Chrome Toolbar

"Dune200078" = DJ OldGames Package: Dune 2000

"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar

"EB Documentation_is1" = EB Documentation 1.1

"FinalMediaPlayer_is1" = Final Media Player 2011

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031

"FreeFileViewer_is1" = Free File Viewer 2011

"Google Chrome" = Google Chrome

"Inquisition Daemonhunt" = Inquisition Daemonhunt

"InstallShield_{D2BBEABB-A8DF-4451-A7C4-63C87B31E325}" = IL-2 Sturmovik: Forgotten Battles AEP

"InstallShield_{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters

"Light Alliance 2.42X_is1" = AllianceL2.42

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"MISERY_is1" = MISERY for S.T.A.L.K.E.R - Call of Pripyat

"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Mplayer.com" = Mplayer.com

"OpenAL" = OpenAL

"Osoznanie-MOD" = Osoznanie-MOD 8.5

"Plus-HD-2.3" = Plus-HD-2.3

"PunkBusterSvc" = PunkBuster Services

"Republic at War 1.1" = Republic at War 1.1

"RiseOfNations 1.0" = Microsoft Rise Of Nations

"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots

"Roma Surrectum II" = Roma Surrectum II 2.5

"S.A.T.-Zaton ver. 1.00" = S.A.T.-Zaton ver. 1.00

"S.T.A.L.K.E.R. - Dead City Mod 4.80" = S.T.A.L.K.E.R. - Dead City Mod 4.80

"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]

"S.T.A.L.K.E.R. Nature Winter 2.3_is1" = S.T.A.L.K.E.R. Nature Winter 2.3

"S.T.A.L.K.E.R_Долина Шорохов_is1" = S.T.A.L.K.E.R_Долина Шорохов

"S.T.A.L.K.E.R_Смерти вопреки_is1" = S.T.A.L.K.E.R_Смерти вопреки

"Sins of a Solar Empire" = Sins of a Solar Empire

"SOTE 1.0B_is1" = SOTE1.0B

"StarCraft II" = StarCraft II

"Starfleet Command" = Starfleet Command

"Starpoint Gemini1.010 DE" = Starpoint Gemini

"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II

"Steam App 206310" = Crusader Kings II Demo

"Steam App 208140" = Endless Space

"Steam App 210290" = Naval War: Arctic Circle Demo

"Steam App 212070" = Star Conflict

"Steam App 217750" = Age of Conan: Unchained - EU version

"Steam App 218450" = Jagged Alliance Online - Steam Edition

"Steam App 21970" = R.U.S.E

"Steam App 221040" = RESIDENT EVIL 6 / BIOHAZARD 6

"Steam App 221770" = Tryst Demo

"Steam App 222700" = Carrier Command: Gaea Mission Demo

"Steam App 222750" = Wargame: AirLand Battle

"Steam App 22350" = Brink

"Steam App 226240" = Miner Wars 2081 Demo

"Steam App 227960" = Iron Sky Invasion Demo

"Steam App 236390" = War Thunder

"Steam App 257190" = Alien Rage - Demo

"Steam App 40100" = Supreme Commander 2

"Steam App 41810" = Gratuitous Space Battles - Demo

"Steam App 42990" = Sword of the Stars II: Enhanced Edition

"Steam App 43110" = Metro 2033

"Steam App 43160" = Metro: Last Light

"Steam App 49520" = Borderlands 2

"Steam App 55410" = Warhammer 40,000: Space Marine Demo

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 9200" = RAGE

"Trusted Software Assistant_is1" = File Type Assistant

"UA Grand Release" = UA Grand Release

"UEAW v4 " = UEAW v4 

"Uninstall_is1" = Uninstall 1.0.0.1

"Uplay" = Uplay

"uTorrent" = µTorrent

"VASSAL (3.2.5)" = VASSAL (3.2.5)

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"Xfire" = Xfire (remove only)

 

< End of report >

Hi,

jetzt ist die Sache doch etwas klarer geworden..
Kannst du bitte nochmals einen Scan mit FRST in den Reperaturoptionen machen. Nach Start der Reperaturoptionen kannst du auswählen, welches Betriebssystem verwendet werden soll. Ist es korrekt, dass du dort zwei Möglichkeiten zur Auswahl hast? Dann wähle dort dieses Mal bitte die andere Option und lass FRST dann wieder nach Anleitung scannen.

Soo

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013

Ran by SYSTEM at 2013-10-25 08:59:27 Run:1

Running from K:\

Boot Mode: Recovery

==============================================
 

Content of fixlist:

*****************

C:\Users\Steffen\AppData\Local\Temp\*.exe

C:\Users\Steffen\AppData\Local\Temp\*.dll

C:\Users\Steffen\AppData\Local\Temp\*
 

*****************
 

C:\Users\Steffen\AppData\Local\Temp\*.exe => Moved successfully.

C:\Users\Steffen\AppData\Local\Temp\*.dll => Moved successfully.

"C:\Users\Steffen\AppData\Local\Temp\*" => Could not move.
 

==== End of Fixlog ====

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013

Ran by SYSTEM on MININT-VFECQCM on 25-10-2013 13:58:14

Running from K:\

Windows 7 Home Premium (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Recovery
 

The current controlset is ControlSet002
 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)

HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTION

HKLM-x32\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <======= ATTENTION

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-03] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)

HKLM-x32\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)

HKU\Gast\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-10] (Google Inc.)

HKU\Gast\...\Run: [Qyaxseacha] - C:\Users\Gast\AppData\Roaming\Yhud\olepf.exe [303104 2013-07-21] (X-Ways Software Technology AG)

HKU\Steffen\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-09] (Valve Corporation)

HKU\Steffen\...\Run: [Facebook Update] - C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-21] (Facebook Inc.)

HKU\Steffen\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-10] (Google Inc.)

HKU\Steffen\...\Run: [Yontoo Desktop] - C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)

HKU\Steffen\...\Run: [Desura] - C:\Program Files (x86)\Desura\desura.exe -autostart

HKU\Steffen\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe  "C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run

HKU\Steffen\...\Run: [Yqinho] - C:\Users\Steffen\AppData\Roaming\Liypaz\punoq.exe

HKU\Steffen\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)

HKU\Steffen\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)

HKU\Steffen\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)

HKU\Steffen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 

HKU\Steffen\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <===== ATTENTION!

AppInit_DLLs-x32: c:\progra~4\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ ] ()

SubSystems: [Windows] ATTENTION! ====> ZeroAccess

Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ssmymagwwxdmyyqkkfu.lnk

ShortcutTarget: ssmymagwwxdmyyqkkfu.lnk -> C:\Users\Steffen\AppData\Local\Temp\ufkkqyymdxwwgamymss.bfg (No File)
 

==================== Services (Whitelisted) =================
 

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)

S2 idebusdr; C:\Windows\system32\ADIDTSFiltService.dll [6656 2009-07-14] (Oak Technology Inc.)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)

S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)

S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-09] ()

S2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\Rtlservice.exe [36864 2010-04-16] (Realtek)

S2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)

S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]

S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc [x]

S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc [x]

S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [x]

S2 Yontoo Desktop Updater; "C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe"
 

==================== Drivers (Whitelisted) ====================
 

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-08-10] ()

S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)

S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-08-10] ()

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 

NETSVC: idebusdr -> C:\Windows\system32\ADIDTSFiltService.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
 

==================== One Month Created Files and Folders ========
 

2013-10-25 13:58 - 2013-10-25 13:58 - 00000000 ____D C:\FRST

2013-10-25 11:37 - 2013-10-25 11:37 - 00002164 _____ C:\Users\Gast\Desktop\S.T.A.L.K.E.R. COP Trainer +10_.exe - Verknüpfung.lnk

2013-10-25 11:21 - 2013-10-25 11:21 - 00084698 _____ C:\Users\Gast\Desktop\Extras.Txt

2013-10-25 11:21 - 2013-10-25 11:21 - 00067742 _____ C:\Users\Gast\Desktop\OTL.Txt

2013-10-25 11:14 - 2013-10-25 11:14 - 00602112 _____ (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe

2013-10-25 09:23 - 2013-10-25 09:25 - 127231689 _____ (Igor Pavlov) C:\Users\Gast\Desktop\OTLPENet.exe

2013-10-25 09:09 - 2013-10-25 09:09 - 00274368 _____ C:\Windows\Minidump\102513-13962-01.dmp

2013-10-25 07:34 - 2013-10-25 07:34 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search

2013-10-24 21:38 - 2013-10-24 21:38 - 00274368 _____ C:\Windows\Minidump\102413-15787-01.dmp

2013-10-24 17:30 - 2013-10-24 17:30 - 00274368 _____ C:\Windows\Minidump\102413-16489-01.dmp

2013-10-24 15:27 - 2013-10-25 09:14 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Guux

2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Yhud

2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Abymeb

2013-10-24 15:25 - 2013-10-24 15:26 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner

2013-10-24 14:29 - 2013-10-24 14:29 - 00000460 _____ C:\Users\Gast\Documents\aswMBR.txt

2013-10-24 13:59 - 2013-10-24 13:59 - 00000000 ____D C:\Users\Gast\mbar

2013-10-24 13:51 - 2013-10-24 13:52 - 00000000 ____D C:\ProgramData\Oracle

2013-10-24 07:39 - 2013-10-24 09:39 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Petroglyph

2013-10-24 07:37 - 2013-10-24 07:37 - 00027648 _____ C:\Users\Gast\Desktop\ModLauncher.exe

2013-10-23 20:20 - 2013-10-23 20:20 - 00000000 ____D C:\Users\Gast\AppData\Roaming\WinRAR

2013-10-23 16:56 - 2013-10-23 16:57 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe

2013-10-23 16:28 - 2013-10-25 09:09 - 385355457 _____ C:\Windows\MEMORY.DMP

2013-10-23 16:28 - 2013-10-23 16:28 - 00274368 _____ C:\Windows\Minidump\102313-22932-01.dmp

2013-10-23 14:57 - 2013-10-23 18:15 - 00000000 ____D C:\Users\Gast\AppData\Local\Google

2013-10-23 14:57 - 2013-10-23 16:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe

2013-10-23 14:57 - 2013-10-23 14:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google

2013-10-23 14:57 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia

2013-10-23 14:52 - 2013-10-23 14:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes

2013-10-23 14:26 - 2013-10-23 14:28 - 00000000 ____D C:\Users\Steffen\AppData\Local\lYwRqX78

2013-10-23 07:50 - 2013-10-23 14:24 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard

2013-10-23 07:45 - 2013-10-23 14:26 - 00000000 ____D C:\Users\Steffen\AppData\Local\XFoycNjMP2

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Roaming\VinhMzalfT

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\ProgramData\MXJ5mE8ZNh

2013-10-22 21:42 - 2013-10-23 07:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9

2013-10-21 13:14 - 2013-10-21 13:14 - 00001821 _____ C:\Users\Steffen\Desktop\Stargate - Verknüpfung.lnk

2013-10-21 12:47 - 2013-10-23 08:38 - 00000000 ____D C:\Users\Steffen\Desktop\Babylon 5 Wars

2013-10-17 08:17 - 2013-10-17 08:17 - 00027648 _____ C:\Users\Steffen\Desktop\ModLauncher.exe

2013-10-08 20:35 - 2013-10-08 20:35 - 00000000 ____D C:\Users\Steffen\AppData\Local\Targem

2013-10-08 19:45 - 2013-10-08 19:45 - 00000222 _____ C:\Users\Steffen\Desktop\Star Conflict.url

2013-10-08 11:50 - 2013-10-08 11:59 - 00000000 ____D C:\ProgramData\WarThunder

2013-10-08 11:50 - 2013-10-08 11:50 - 00000000 ____D C:\Users\Steffen\AppData\Local\WarThunder

2013-10-08 09:49 - 2013-10-08 09:49 - 00000222 _____ C:\Users\Steffen\Desktop\War Thunder.url

2013-10-08 08:44 - 2013-10-08 08:44 - 00003156 _____ C:\Windows\System32\Tasks\{EB9FF8E1-7E37-413B-811D-EF5CD26E5573}

2013-10-08 07:19 - 2013-10-08 07:19 - 00000000 ____D C:\Users\Steffen\AppData\Local\Chromium

2013-10-07 11:24 - 2013-10-17 13:37 - 00000178 _____ C:\Users\Steffen\Desktop\Age of Conan Unchained - EU version.url

2013-10-06 15:29 - 2013-10-06 15:30 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\MinerWars

2013-10-06 15:28 - 2013-10-06 15:28 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-06 14:41 - 2013-10-06 14:41 - 00000222 _____ C:\Users\Steffen\Desktop\Jagged Alliance Online - Steam Edition.url

2013-09-28 22:11 - 2013-09-28 22:11 - 00414241 _____ C:\Uninstall.ini

2013-09-26 19:58 - 2013-09-26 19:58 - 00003288 _____ C:\Windows\System32\Tasks\{4A8C961A-01B8-4F5C-9F69-8316C44F007C}

2013-09-26 19:48 - 2013-09-26 19:48 - 00000000 ____D C:\ProgramData\ATI

2013-09-26 19:48 - 2013-09-26 19:48 - 00000000 ____D C:\Program Files (x86)\AMD APP

2013-09-26 19:46 - 2013-09-26 19:46 - 00018357 _____ C:\Windows\SysWOW64\CCCInstall_201309262046523347.log

2013-09-26 19:46 - 2013-09-26 19:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2013-09-26 19:43 - 2013-09-26 19:43 - 00000000 ____D C:\AMD

2013-09-25 19:56 - 2013-10-05 22:09 - 00000890 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk

2013-09-25 19:45 - 2013-09-25 19:59 - 00000000 ____D C:\Users\Public\Documents\STALKER-SHOC
 

==================== One Month Modified Files and Folders =======
 

2013-10-25 13:58 - 2013-10-25 13:58 - 00000000 ____D C:\FRST

2013-10-25 12:55 - 2010-10-04 05:53 - 02032322 _____ C:\Windows\WindowsUpdate.log

2013-10-25 12:45 - 2013-02-03 16:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-25 12:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At28.job

2013-10-25 12:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At27.job

2013-10-25 12:22 - 2013-07-21 17:17 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job

2013-10-25 12:22 - 2011-03-10 00:20 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-25 12:16 - 2013-07-21 17:16 - 00000298 _____ C:\Windows\Tasks\Dealply.job

2013-10-25 11:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At26.job

2013-10-25 11:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At25.job

2013-10-25 11:38 - 2012-04-13 20:21 - 00001146 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000UA.job

2013-10-25 11:37 - 2013-10-25 11:37 - 00002164 _____ C:\Users\Gast\Desktop\S.T.A.L.K.E.R. COP Trainer +10_.exe - Verknüpfung.lnk

2013-10-25 11:34 - 2012-03-06 16:45 - 00000406 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job

2013-10-25 11:21 - 2013-10-25 11:21 - 00084698 _____ C:\Users\Gast\Desktop\Extras.Txt

2013-10-25 11:21 - 2013-10-25 11:21 - 00067742 _____ C:\Users\Gast\Desktop\OTL.Txt

2013-10-25 11:18 - 2013-07-21 17:18 - 00001198 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job

2013-10-25 11:17 - 2013-07-21 17:17 - 00001202 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job

2013-10-25 11:17 - 2013-07-21 17:17 - 00001102 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job

2013-10-25 11:16 - 2013-07-21 17:16 - 00001910 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job

2013-10-25 11:16 - 2013-07-21 17:16 - 00001834 _____ C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job

2013-10-25 11:15 - 2013-07-21 17:17 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job

2013-10-25 11:15 - 2013-06-09 04:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2013-10-25 11:15 - 2013-06-04 17:13 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-10-25 11:15 - 2011-03-10 00:20 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-25 11:14 - 2013-10-25 11:14 - 00602112 _____ (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe

2013-10-25 10:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At24.job

2013-10-25 10:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At23.job

2013-10-25 09:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At22.job

2013-10-25 09:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At21.job

2013-10-25 09:25 - 2013-10-25 09:23 - 127231689 _____ (Igor Pavlov) C:\Users\Gast\Desktop\OTLPENet.exe

2013-10-25 09:20 - 2009-07-14 05:45 - 00014608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-25 09:20 - 2009-07-14 05:45 - 00014608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-25 09:14 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Guux

2013-10-25 09:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-25 09:12 - 2009-07-14 05:51 - 00325320 _____ C:\Windows\setupact.log

2013-10-25 09:09 - 2013-10-25 09:09 - 00274368 _____ C:\Windows\Minidump\102513-13962-01.dmp

2013-10-25 09:09 - 2013-10-23 16:28 - 385355457 _____ C:\Windows\MEMORY.DMP

2013-10-25 09:09 - 2011-07-26 18:28 - 00000000 ____D C:\Windows\Minidump

2013-10-25 08:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At20.job

2013-10-25 08:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At19.job

2013-10-25 07:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At18.job

2013-10-25 07:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At17.job

2013-10-25 07:34 - 2013-10-25 07:34 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search

2013-10-24 21:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At46.job

2013-10-24 21:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At45.job

2013-10-24 21:38 - 2013-10-24 21:38 - 00274368 _____ C:\Windows\Minidump\102413-15787-01.dmp

2013-10-24 20:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At44.job

2013-10-24 20:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At43.job

2013-10-24 19:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At42.job

2013-10-24 19:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At41.job

2013-10-24 18:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At40.job

2013-10-24 18:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At39.job

2013-10-24 17:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At38.job

2013-10-24 17:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At37.job

2013-10-24 17:38 - 2012-04-13 20:21 - 00001124 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000Core.job

2013-10-24 17:30 - 2013-10-24 17:30 - 00274368 _____ C:\Windows\Minidump\102413-16489-01.dmp

2013-10-24 17:03 - 2009-07-14 18:58 - 00696848 _____ C:\Windows\System32\perfh007.dat

2013-10-24 17:03 - 2009-07-14 18:58 - 00148144 _____ C:\Windows\System32\perfc007.dat

2013-10-24 17:03 - 2009-07-14 06:13 - 01613412 _____ C:\Windows\System32\PerfStringBackup.INI

2013-10-24 16:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At36.job

2013-10-24 16:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At35.job

2013-10-24 15:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At34.job

2013-10-24 15:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At33.job

2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Yhud

2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Abymeb

2013-10-24 15:27 - 2011-04-07 07:16 - 00000000 ____D C:\users\Gast

2013-10-24 15:26 - 2013-10-24 15:25 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner

2013-10-24 14:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At32.job

2013-10-24 14:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At31.job

2013-10-24 14:29 - 2013-10-24 14:29 - 00000460 _____ C:\Users\Gast\Documents\aswMBR.txt

2013-10-24 13:59 - 2013-10-24 13:59 - 00000000 ____D C:\Users\Gast\mbar

2013-10-24 13:52 - 2013-10-24 13:51 - 00000000 ____D C:\ProgramData\Oracle

2013-10-24 13:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At30.job

2013-10-24 13:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At29.job

2013-10-24 09:39 - 2013-10-24 07:39 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Petroglyph

2013-10-24 07:37 - 2013-10-24 07:37 - 00027648 _____ C:\Users\Gast\Desktop\ModLauncher.exe

2013-10-24 06:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At16.job

2013-10-24 06:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At15.job

2013-10-24 05:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At14.job

2013-10-24 05:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At13.job

2013-10-24 04:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At12.job

2013-10-24 04:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At11.job

2013-10-24 03:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At10.job

2013-10-24 03:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At9.job

2013-10-24 02:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At8.job

2013-10-24 02:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At7.job

2013-10-24 01:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At6.job

2013-10-24 01:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At5.job

2013-10-24 00:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At4.job

2013-10-24 00:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At3.job

2013-10-23 23:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At2.job

2013-10-23 23:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At1.job

2013-10-23 22:40 - 2012-02-04 16:16 - 00000354 _____ C:\Windows\Tasks\At48.job

2013-10-23 22:40 - 2012-02-04 16:16 - 00000352 _____ C:\Windows\Tasks\At47.job

2013-10-23 20:57 - 2013-04-01 16:04 - 00000000 ____D C:\Program Files (x86)\RelevantKnowledge

2013-10-23 20:20 - 2013-10-23 20:20 - 00000000 ____D C:\Users\Gast\AppData\Roaming\WinRAR

2013-10-23 20:13 - 2009-07-14 05:45 - 00006144 _____ C:\Windows\System32\umstartup.etl

2013-10-23 18:15 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Local\Google

2013-10-23 16:57 - 2013-10-23 16:56 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe

2013-10-23 16:57 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe

2013-10-23 16:56 - 2011-11-14 18:17 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk

2013-10-23 16:56 - 2011-11-14 18:17 - 00000000 ____D C:\ProgramData\Adobe

2013-10-23 16:28 - 2013-10-23 16:28 - 00274368 _____ C:\Windows\Minidump\102313-22932-01.dmp

2013-10-23 14:58 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google

2013-10-23 14:57 - 2013-10-23 14:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia

2013-10-23 14:52 - 2013-10-23 14:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes

2013-10-23 14:52 - 2011-04-07 07:17 - 00058144 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-23 14:51 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-23 14:28 - 2013-10-23 14:26 - 00000000 ____D C:\Users\Steffen\AppData\Local\lYwRqX78

2013-10-23 14:26 - 2013-10-23 07:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\XFoycNjMP2

2013-10-23 14:26 - 2013-04-01 20:42 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Yontoo

2013-10-23 14:26 - 2011-03-24 09:13 - 00000000 ____D C:\Program Files (x86)\Steam

2013-10-23 14:25 - 2011-02-11 14:12 - 00481436 _____ C:\Windows\PFRO.log

2013-10-23 14:24 - 2013-10-23 07:50 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard

2013-10-23 14:23 - 2013-07-21 17:16 - 00000000 ____D C:\Program Files (x86)\DealPly

2013-10-23 08:38 - 2013-10-21 12:47 - 00000000 ____D C:\Users\Steffen\Desktop\Babylon 5 Wars

2013-10-23 07:45 - 2013-10-22 21:42 - 00000000 ____D C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Roaming\VinhMzalfT

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\ProgramData\MXJ5mE8ZNh

2013-10-22 14:55 - 2011-09-27 17:36 - 00000000 ____D C:\Users\Steffen\Desktop\Stoner-Doom Metal

2013-10-22 13:05 - 2013-06-06 15:32 - 00006633 _____ C:\Users\Public\Documents\stalke~1.ltx

2013-10-22 08:49 - 2013-09-06 23:06 - 00000000 ____D C:\Users\Steffen\Desktop\Doom 2

2013-10-21 13:14 - 2013-10-21 13:14 - 00001821 _____ C:\Users\Steffen\Desktop\Stargate - Verknüpfung.lnk

2013-10-20 17:49 - 2011-09-28 14:25 - 00000000 ____D C:\Users\Steffen\Desktop\Games

2013-10-20 12:42 - 2013-09-02 21:21 - 00000000 ____D C:\Users\Steffen\Desktop\Space Battleships

2013-10-20 11:08 - 2010-11-21 19:53 - 00000000 ____D C:\Users\Steffen\Documents\My Games

2013-10-18 09:25 - 2013-07-13 11:54 - 00002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-10-17 13:37 - 2013-10-07 11:24 - 00000178 _____ C:\Users\Steffen\Desktop\Age of Conan Unchained - EU version.url

2013-10-17 08:17 - 2013-10-17 08:17 - 00027648 _____ C:\Users\Steffen\Desktop\ModLauncher.exe

2013-10-16 09:24 - 2013-08-23 07:28 - 00000000 ____D C:\Users\Steffen\Desktop\Star Wars Mods

2013-10-09 14:17 - 2011-03-10 00:20 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-09 14:17 - 2011-03-10 00:20 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-09 09:45 - 2013-02-03 16:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 09:45 - 2012-06-05 20:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 09:45 - 2012-06-05 20:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-08 23:15 - 2013-09-13 18:40 - 00000000 ____D C:\ProgramData\BitGuard

2013-10-08 20:35 - 2013-10-08 20:35 - 00000000 ____D C:\Users\Steffen\AppData\Local\Targem

2013-10-08 19:45 - 2013-10-08 19:45 - 00000222 _____ C:\Users\Steffen\Desktop\Star Conflict.url

2013-10-08 19:30 - 2013-09-16 08:45 - 00000000 ____D C:\Users\Steffen\Desktop\Codex

2013-10-08 11:59 - 2013-10-08 11:50 - 00000000 ____D C:\ProgramData\WarThunder

2013-10-08 11:57 - 2011-08-10 11:10 - 00000000 ___HD C:\Windows\msdownld.tmp

2013-10-08 11:57 - 2011-08-10 11:10 - 00000000 ____D C:\Windows\SysWOW64\directx

2013-10-08 11:50 - 2013-10-08 11:50 - 00000000 ____D C:\Users\Steffen\AppData\Local\WarThunder

2013-10-08 09:49 - 2013-10-08 09:49 - 00000222 _____ C:\Users\Steffen\Desktop\War Thunder.url

2013-10-08 08:44 - 2013-10-08 08:44 - 00003156 _____ C:\Windows\System32\Tasks\{EB9FF8E1-7E37-413B-811D-EF5CD26E5573}

2013-10-08 07:19 - 2013-10-08 07:19 - 00000000 ____D C:\Users\Steffen\AppData\Local\Chromium

2013-10-07 12:42 - 2011-11-21 14:55 - 00000000 ___RD C:\Users\Steffen\Desktop\FILME!!!

2013-10-07 12:14 - 2010-10-04 06:41 - 00000000 ____D C:\Users\Steffen\Desktop\Krempel

2013-10-07 10:19 - 2012-06-10 14:35 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\uTorrent

2013-10-06 15:30 - 2013-10-06 15:29 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\MinerWars

2013-10-06 15:28 - 2013-10-06 15:28 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-06 14:41 - 2013-10-06 14:41 - 00000222 _____ C:\Users\Steffen\Desktop\Jagged Alliance Online - Steam Edition.url

2013-10-05 22:09 - 2013-09-25 19:56 - 00000890 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk

2013-10-05 11:56 - 2010-06-16 15:52 - 00000000 ____D C:\Program Data

2013-10-03 23:20 - 2010-10-04 06:37 - 00475388 _____ C:\Windows\DirectX.log

2013-10-02 08:13 - 2013-06-27 09:12 - 00003728 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

2013-10-02 08:12 - 2012-06-23 15:09 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-10-02 08:10 - 2012-11-30 07:05 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2013-09-28 22:11 - 2013-09-28 22:11 - 00414241 _____ C:\Uninstall.ini

2013-09-28 22:11 - 2011-03-04 15:31 - 00273164 _____ C:\Uninstall.exe

2013-09-26 19:58 - 2013-09-26 19:58 - 00003288 _____ C:\Windows\System32\Tasks\{4A8C961A-01B8-4F5C-9F69-8316C44F007C}

2013-09-26 19:48 - 2013-09-26 19:48 - 00000000 ____D C:\ProgramData\ATI

2013-09-26 19:48 - 2013-09-26 19:48 - 00000000 ____D C:\Program Files (x86)\AMD APP

2013-09-26 19:48 - 2010-10-04 06:58 - 00000000 ____D C:\Program Files (x86)\ATI Technologies

2013-09-26 19:48 - 2010-10-04 06:57 - 00000000 ____D C:\Program Files\ATI Technologies

2013-09-26 19:46 - 2013-09-26 19:46 - 00018357 _____ C:\Windows\SysWOW64\CCCInstall_201309262046523347.log

2013-09-26 19:46 - 2013-09-26 19:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2013-09-26 19:43 - 2013-09-26 19:43 - 00000000 ____D C:\AMD

2013-09-25 19:59 - 2013-09-25 19:45 - 00000000 ____D C:\Users\Public\Documents\STALKER-SHOC

2013-09-25 12:22 - 2013-07-21 16:18 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoftTB
 

ZeroAccess:

C:\Windows\System32\consrv.dll
 

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini
 

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini
 

Files to move or delete:

====================

C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe

C:\ProgramData\exCKK8Qm.dat

C:\ProgramData\ssmymagwwxdmyyqkkfu.bat

C:\ProgramData\ssmymagwwxdmyyqkkfu.reg

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At10.job

C:\Windows\Tasks\At11.job

C:\Windows\Tasks\At12.job

C:\Windows\Tasks\At13.job

C:\Windows\Tasks\At14.job

C:\Windows\Tasks\At15.job

C:\Windows\Tasks\At16.job

C:\Windows\Tasks\At17.job

C:\Windows\Tasks\At18.job

C:\Windows\Tasks\At19.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At20.job

C:\Windows\Tasks\At21.job

C:\Windows\Tasks\At22.job

C:\Windows\Tasks\At23.job

C:\Windows\Tasks\At24.job

C:\Windows\Tasks\At25.job

C:\Windows\Tasks\At26.job

C:\Windows\Tasks\At27.job

C:\Windows\Tasks\At28.job

C:\Windows\Tasks\At29.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At30.job

C:\Windows\Tasks\At31.job

C:\Windows\Tasks\At32.job

C:\Windows\Tasks\At33.job

C:\Windows\Tasks\At34.job

C:\Windows\Tasks\At35.job

C:\Windows\Tasks\At36.job

C:\Windows\Tasks\At37.job

C:\Windows\Tasks\At38.job

C:\Windows\Tasks\At39.job

C:\Windows\Tasks\At4.job

C:\Windows\Tasks\At40.job

C:\Windows\Tasks\At41.job

C:\Windows\Tasks\At42.job

C:\Windows\Tasks\At43.job

C:\Windows\Tasks\At44.job

C:\Windows\Tasks\At45.job

C:\Windows\Tasks\At46.job

C:\Windows\Tasks\At47.job

C:\Windows\Tasks\At48.job

C:\Windows\Tasks\At5.job

C:\Windows\Tasks\At6.job

C:\Windows\Tasks\At7.job

C:\Windows\Tasks\At8.job

C:\Windows\Tasks\At9.job
 
 

Some content of TEMP:

====================

C:\Users\Gast\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Gast\AppData\Local\Temp\InstHelper.exe

C:\Users\Gast\AppData\Local\Temp\Quarantine.exe

C:\Users\Gast\AppData\Local\Temp\Uninstall_2.exe

C:\Users\Steffen\AppData\Local\Temp\1sysconf.exe

C:\Users\Steffen\AppData\Local\Temp\avguidx.dll

C:\Users\Steffen\AppData\Local\Temp\AVG_toolbar.exe

C:\Users\Steffen\AppData\Local\Temp\binkw32.dll

C:\Users\Steffen\AppData\Local\Temp\CH.dll

C:\Users\Steffen\AppData\Local\Temp\CommonInstaller.exe

C:\Users\Steffen\AppData\Local\Temp\contentDATs.exe

C:\Users\Steffen\AppData\Local\Temp\d2l_Install.exe

C:\Users\Steffen\AppData\Local\Temp\d2l_PlayD2.exe

C:\Users\Steffen\AppData\Local\Temp\DataCard_Setup64.exe

C:\Users\Steffen\AppData\Local\Temp\DeltaTB.exe

C:\Users\Steffen\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7290008.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7330017.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7340014.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7350008.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7370007.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7370010.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7370014.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7400006.dll

C:\Users\Steffen\AppData\Local\Temp\drm_dyndata_7400009.dll

C:\Users\Steffen\AppData\Local\Temp\EBU1024.EXE

C:\Users\Steffen\AppData\Local\Temp\EBU46FD.DLL

C:\Users\Steffen\AppData\Local\Temp\flcsup.exe

C:\Users\Steffen\AppData\Local\Temp\fp_pl_pfs_installer-1.exe

C:\Users\Steffen\AppData\Local\Temp\fp_pl_pfs_installer-2.exe

C:\Users\Steffen\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Steffen\AppData\Local\Temp\htmlayout.dll

C:\Users\Steffen\AppData\Local\Temp\ICReinstall_DAEMONToolsLiteSetup.exe

C:\Users\Steffen\AppData\Local\Temp\ICReinstall_installer.exe

C:\Users\Steffen\AppData\Local\Temp\ICReinstall_Notepad++Setup.exe

C:\Users\Steffen\AppData\Local\Temp\iGearedHelper.dll

C:\Users\Steffen\AppData\Local\Temp\LyricsPal.exe

C:\Users\Steffen\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\Steffen\AppData\Local\Temp\mfc80.dll

C:\Users\Steffen\AppData\Local\Temp\mfc80u.dll

C:\Users\Steffen\AppData\Local\Temp\mfcm80.dll

C:\Users\Steffen\AppData\Local\Temp\mfcm80u.dll

C:\Users\Steffen\AppData\Local\Temp\msvcm80.dll

C:\Users\Steffen\AppData\Local\Temp\msvcp80.dll

C:\Users\Steffen\AppData\Local\Temp\msvcr80.dll

C:\Users\Steffen\AppData\Local\Temp\MyBabylonTB.exe

C:\Users\Steffen\AppData\Local\Temp\OSU.exe

C:\Users\Steffen\AppData\Local\Temp\ResetDevice.exe

C:\Users\Steffen\AppData\Local\Temp\SCC.dll

C:\Users\Steffen\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Steffen\AppData\Local\Temp\setup_fsu_cid.exe

C:\Users\Steffen\AppData\Local\Temp\SIntf16.dll

C:\Users\Steffen\AppData\Local\Temp\SIntf32.dll

C:\Users\Steffen\AppData\Local\Temp\SIntfNT.dll

C:\Users\Steffen\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Steffen\AppData\Local\Temp\toolbar5709277.exe

C:\Users\Steffen\AppData\Local\Temp\ToolbarHelper.exe

C:\Users\Steffen\AppData\Local\Temp\ToolbarInstaller.exe

C:\Users\Steffen\AppData\Local\Temp\ubi687C.tmp.exe

C:\Users\Steffen\AppData\Local\Temp\ubiBC92.tmp.exe

C:\Users\Steffen\AppData\Local\Temp\Uninstall.exe

C:\Users\Steffen\AppData\Local\Temp\uninstall5847681.exe

C:\Users\Steffen\AppData\Local\Temp\Uninstaller.exe

C:\Users\Steffen\AppData\Local\Temp\UninstallerGer.dll

C:\Users\Steffen\AppData\Local\Temp\Uninstall_2.exe

C:\Users\Steffen\AppData\Local\Temp\Uninst_eng_reborn.exe

C:\Users\Steffen\AppData\Local\Temp\Verbindungsassistent.exe

C:\Users\Steffen\AppData\Local\Temp\VersionUpdater.exe

C:\Users\Steffen\AppData\Local\Temp\WtgDriverInstallX.dll

C:\Users\Steffen\AppData\Local\Temp\WTGXMLUtil.dll

C:\Users\Steffen\AppData\Local\Temp\WtgZip.dll

C:\Users\Steffen\AppData\Local\Temp\_is1291.exe

C:\Users\Steffen\AppData\Local\Temp\_is16E0.exe

C:\Users\Steffen\AppData\Local\Temp\_is186.exe

C:\Users\Steffen\AppData\Local\Temp\_is18AE.exe

C:\Users\Steffen\AppData\Local\Temp\_is1B5.exe

C:\Users\Steffen\AppData\Local\Temp\_is1F.exe

C:\Users\Steffen\AppData\Local\Temp\_is2222.exe

C:\Users\Steffen\AppData\Local\Temp\_is28DA.exe

C:\Users\Steffen\AppData\Local\Temp\_is341A.exe

C:\Users\Steffen\AppData\Local\Temp\_is3976.exe

C:\Users\Steffen\AppData\Local\Temp\_is3DDA.exe

C:\Users\Steffen\AppData\Local\Temp\_is3E88.exe

C:\Users\Steffen\AppData\Local\Temp\_is3F32.exe

C:\Users\Steffen\AppData\Local\Temp\_is3FDD.exe

C:\Users\Steffen\AppData\Local\Temp\_is44A3.exe

C:\Users\Steffen\AppData\Local\Temp\_is4E64.exe

C:\Users\Steffen\AppData\Local\Temp\_is5123.exe

C:\Users\Steffen\AppData\Local\Temp\_is5512.exe

C:\Users\Steffen\AppData\Local\Temp\_is6192.exe

C:\Users\Steffen\AppData\Local\Temp\_is63F0.exe

C:\Users\Steffen\AppData\Local\Temp\_is65F9.exe

C:\Users\Steffen\AppData\Local\Temp\_is6666.exe

C:\Users\Steffen\AppData\Local\Temp\_is746.exe

C:\Users\Steffen\AppData\Local\Temp\_is785C.exe

C:\Users\Steffen\AppData\Local\Temp\_is78BF.exe

C:\Users\Steffen\AppData\Local\Temp\_is7B38.exe

C:\Users\Steffen\AppData\Local\Temp\_is855F.exe

C:\Users\Steffen\AppData\Local\Temp\_is9591.exe

C:\Users\Steffen\AppData\Local\Temp\_is9E43.exe

C:\Users\Steffen\AppData\Local\Temp\_isA42B.exe

C:\Users\Steffen\AppData\Local\Temp\_isA822.exe

C:\Users\Steffen\AppData\Local\Temp\_isC390.exe

C:\Users\Steffen\AppData\Local\Temp\_isCBAD.exe

C:\Users\Steffen\AppData\Local\Temp\_isD162.exe

C:\Users\Steffen\AppData\Local\Temp\_isD816.exe

C:\Users\Steffen\AppData\Local\Temp\_isDC60.exe

C:\Users\Steffen\AppData\Local\Temp\_isF16A.exe

C:\Users\Steffen\AppData\Local\Temp\_isF27E.exe

C:\Users\Steffen\AppData\Local\Temp\_isF349.exe

C:\Users\Steffen\AppData\Local\Temp\_isF50.exe

C:\Users\Steffen\AppData\Local\Temp\_isFCF5.exe

C:\Users\Steffen\AppData\Local\Temp\~tmf1687602911666546219.dll
 
 

==================== Known DLLs (Whitelisted) ================
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 15%

Total physical RAM: 4059.49 MB

Available physical RAM: 3412.3 MB

Total Pagefile: 4057.64 MB

Available Pagefile: 3418.91 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB
 

==================== Drives ================================
 

Drive c: (Daten) (Fixed) (Total:831.51 GB) (Free:25.52 GB) NTFS

Drive k: (INTENSO) (Removable) (Total:14.73 GB) (Free:14.73 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System) (Fixed) (Total:100 GB) (Free:27.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0C19B2D7)

Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=832 GB) - (Type=07 NTFS)
 

========================================================

Disk: 5 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 

LastRegBack: 2013-10-25 11:33
 

==================== End Of Log ============================

--- --- ---

--- --- ---

So und jetzt sieht man auch was..
Und man sieht ordentlich was, du hast dir da eine ziemlich imposante Malware-Sammlung zugelegt... ;)
Aber Schritt für Schritt - zuerst kommt mal der Sperrbildschirm weg. Kannst du nach folgendem Fix wieder normal in dein Admin-Konto starten?

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTION

HKLM-x32\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <======= ATTENTION

HKLM-x32\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)

HKLM-x32\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)

HKU\Gast\...\Run: [Qyaxseacha] - C:\Users\Gast\AppData\Roaming\Yhud\olepf.exe [303104 2013-07-21] (X-Ways Software Technology AG)

HKU\Steffen\...\Run: [Yqinho] - C:\Users\Steffen\AppData\Roaming\Liypaz\punoq.exe

C:\Users\Steffen\AppData\Roaming\Liypaz

HKU\Steffen\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)

HKU\Steffen\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)

HKU\Steffen\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)

HKU\Steffen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 

HKU\Steffen\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <===== ATTENTION!

Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ssmymagwwxdmyyqkkfu.lnk

ShortcutTarget: ssmymagwwxdmyyqkkfu.lnk -> C:\Users\Steffen\AppData\Local\Temp\ufkkqyymdxwwgamymss.bfg (No File)

2013-10-24 15:27 - 2013-10-25 09:14 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Guux

2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Yhud

2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Abymeb

2013-10-23 14:26 - 2013-10-23 14:28 - 00000000 ____D C:\Users\Steffen\AppData\Local\lYwRqX78

2013-10-23 07:45 - 2013-10-23 14:26 - 00000000 ____D C:\Users\Steffen\AppData\Local\XFoycNjMP2

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Roaming\VinhMzalfT

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\ProgramData\MXJ5mE8ZNh

2013-10-22 21:42 - 2013-10-23 07:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9

C:\ProgramData\exCKK8Qm.dat

C:\Windows\system32\config\systemprofile\AppData\Local\ijeluxa.dll

C:\ProgramData\ssmymagwwxdmyyqkkfu.bat

C:\ProgramData\ssmymagwwxdmyyqkkfu.reg

C:\Windows\Tasks\At*.job

C:\Users\Steffen\AppData\Local\Temp\*.exe

C:\Users\Steffen\AppData\Local\Temp\*.dll

CMD: dir /a/b "C:\Users\Steffen\AppData\Roaming"

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Ja kann das Admin-Konto wieder starten...ohne Sperrbildschirm! ;)

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013

Ran by SYSTEM at 2013-10-25 14:58:17 Run:1

Running from K:\

Boot Mode: Recovery

==============================================
 

Content of fixlist:

*****************

HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTION

HKLM-x32\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <======= ATTENTION

HKLM-x32\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)

HKLM-x32\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)

HKU\Gast\...\Run: [Qyaxseacha] - C:\Users\Gast\AppData\Roaming\Yhud\olepf.exe [303104 2013-07-21] (X-Ways Software Technology AG)

HKU\Steffen\...\Run: [Yqinho] - C:\Users\Steffen\AppData\Roaming\Liypaz\punoq.exe

C:\Users\Steffen\AppData\Roaming\Liypaz

HKU\Steffen\...\Run: [1TRi7sGavqT.exe] - C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9\1TRi7sGavqT.exe [201600 2013-10-22] (Microsoft Corporation)

HKU\Steffen\...\Run: [SSoonrEj.exe] - C:\Users\Steffen\AppData\Local\XFoycNjMP2\SSoonrEj.exe [201600 2013-10-23] (Microsoft Corporation)

HKU\Steffen\...\Run: [lF40kc2sqeD.exe] - C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe [201600 2013-10-23] (Microsoft Corporation)

HKU\Steffen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 

HKU\Steffen\...\Command Processor: "C:\Users\Steffen\AppData\Local\lYwRqX78\lF40kc2sqeD.exe" <===== ATTENTION!

Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ssmymagwwxdmyyqkkfu.lnk

ShortcutTarget: ssmymagwwxdmyyqkkfu.lnk -> C:\Users\Steffen\AppData\Local\Temp\ufkkqyymdxwwgamymss.bfg (No File)

2013-10-24 15:27 - 2013-10-25 09:14 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Guux

2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Yhud

2013-10-24 15:27 - 2013-10-24 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Abymeb

2013-10-23 14:26 - 2013-10-23 14:28 - 00000000 ____D C:\Users\Steffen\AppData\Local\lYwRqX78

2013-10-23 07:45 - 2013-10-23 14:26 - 00000000 ____D C:\Users\Steffen\AppData\Local\XFoycNjMP2

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Roaming\VinhMzalfT

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ

2013-10-22 21:43 - 2013-10-22 21:43 - 00321536 _____ C:\ProgramData\MXJ5mE8ZNh

2013-10-22 21:42 - 2013-10-23 07:45 - 00000000 ____D C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9

C:\ProgramData\exCKK8Qm.dat

C:\Windows\system32\config\systemprofile\AppData\Local\ijeluxa.dll

C:\ProgramData\ssmymagwwxdmyyqkkfu.bat

C:\ProgramData\ssmymagwwxdmyyqkkfu.reg

C:\Windows\Tasks\At*.job

C:\Users\Steffen\AppData\Local\Temp\*.exe

C:\Users\Steffen\AppData\Local\Temp\*.dll

CMD: dir /a/b "C:\Users\Steffen\AppData\Roaming"

         

*****************
 

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Command Processor\\AutoRun => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\1TRi7sGavqT.exe => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SSoonrEj.exe => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\lF40kc2sqeD.exe => Value deleted successfully.

HKU\Gast\Software\Microsoft\Windows\CurrentVersion\Run\\Qyaxseacha => Value deleted successfully.

HKU\Steffen\Software\Microsoft\Windows\CurrentVersion\Run\\Yqinho => Value deleted successfully.

C:\Users\Steffen\AppData\Roaming\Liypaz => Moved successfully.

HKU\Steffen\Software\Microsoft\Windows\CurrentVersion\Run\\1TRi7sGavqT.exe => Value deleted successfully.

HKU\Steffen\Software\Microsoft\Windows\CurrentVersion\Run\\SSoonrEj.exe => Value deleted successfully.

HKU\Steffen\Software\Microsoft\Windows\CurrentVersion\Run\\lF40kc2sqeD.exe => Value deleted successfully.

HKU\Steffen\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKU\Steffen\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.

C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ssmymagwwxdmyyqkkfu.lnk => Moved successfully.

C:\Users\Steffen\AppData\Local\Temp\ufkkqyymdxwwgamymss.bfg not found.

C:\Users\Gast\AppData\Roaming\Guux => Moved successfully.

C:\Users\Gast\AppData\Roaming\Yhud => Moved successfully.

C:\Users\Gast\AppData\Roaming\Abymeb => Moved successfully.

C:\Users\Steffen\AppData\Local\lYwRqX78 => Moved successfully.

C:\Users\Steffen\AppData\Local\XFoycNjMP2 => Moved successfully.

C:\Users\Steffen\AppData\Roaming\VinhMzalfT => Moved successfully.

C:\Users\Steffen\AppData\Local\EFGWNMnkjDJ => Moved successfully.

C:\ProgramData\MXJ5mE8ZNh => Moved successfully.

C:\Users\Steffen\AppData\Local\r1oZz7sWrJ9 => Moved successfully.

C:\ProgramData\exCKK8Qm.dat => Moved successfully.

"C:\Windows\system32\config\systemprofile\AppData\Local\ijeluxa.dll" => File/Directory not found.

C:\ProgramData\ssmymagwwxdmyyqkkfu.bat => Moved successfully.

C:\ProgramData\ssmymagwwxdmyyqkkfu.reg => Moved successfully.

C:\Windows\Tasks\At*.job => Moved successfully.

C:\Users\Steffen\AppData\Local\Temp\*.exe => Moved successfully.

C:\Users\Steffen\AppData\Local\Temp\*.dll => Moved successfully.
 

=========  dir /a/b "C:\Users\Steffen\AppData\Roaming" =========
 

1O1L1I1PtF1F1C1N

Adobe

AppClient

ATI

BabSolution

Babylon

DAEMON Tools Pro

Dealply

DVDVideoSoft

DVDVideoSoftIEHelpers

FFSJ

File Scout

FinalMediaPlayer

FreeFileViewer

GetRightToGo

Google

Identities

InstallShield

Macromedia

Malwarebytes

Media Center Programs

Microsoft

Microsoft Games

MinerWars

Mozilla

My Games

OpenCandy

Petroglyph

runic games

SecuROM

Skype

skypePM

Temp

Titub

Tropico 4 Demo

Tryst

TuneUp Software

Ubisoft

UserTile.png

uTorrent

Vowoy

WinRAR

Xfire

XRay Engine

Yontoo

YourFileDownloader
 

========= End of CMD: =========
 
 

==== End of Fixlog ====

Prima, dann jetzt weiter im Admin-Konto:

Verschiebe die frst64.exe vom USB-Stick auf den Desktop.

Starte dann FRST.
Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Okay! Ist das Erste was ich mache wenn ich von der Arbeit komme!

Aber schon mal ein grosses DANKE für die bereits geleistete Hilfe!!!!:daumenhoc

So das wäre auch erledigt.

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013

Ran by Steffen (administrator) on STEFFEN-PC on 26-10-2013 08:37:29

Running from C:\Users\Steffen\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\Rtlservice.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Yontoo LLC) C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

() C:\Program Files (x86)\AVG Secure Search\vprot.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Trusted Software ApS) C:\Program Files (x86)\File Type Assistant\TSAssist.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(AMD) C:\Windows\system32\atieclxx.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\Program Files (x86)\AVG Secure Search\vprot.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
 

==================== Registry (Whitelisted) ==================
 

HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-09] (Valve Corporation)

HKCU\...\Run: [Facebook Update] - C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-21] (Facebook Inc.)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-10] (Google Inc.)

HKCU\...\Run: [Yontoo Desktop] - C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)

HKCU\...\Run: [Desura] - C:\Program Files (x86)\Desura\desura.exe -autostart

HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe  "C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run

MountPoints2: E - E:\setup\rsrc\Autorun.exe

MountPoints2: G - G:\AutoRun.exe

MountPoints2: J - J:\AutoRun.exe

MountPoints2: K - K:\AutoRun.exe

MountPoints2: {0804d94a-4969-11e0-b9fe-ca997159e56d} - J:\AutoRun.exe

MountPoints2: {0804d950-4969-11e0-b9fe-ca997159e56d} - K:\AutoRun.exe

MountPoints2: {34bda76a-b064-11e1-a5e7-9419690ce16b} - G:\AutoRun.exe

MountPoints2: {40926667-af9d-11e1-9bec-9a5259183969} - G:\AutoRun.exe

MountPoints2: {69b2bc64-654c-11e0-bbb4-806e6f6e6963} - J:\AutoRun.exe

MountPoints2: {933863d4-5a71-11e1-9dc4-c83485033601} - J:\AutoRun.exe

MountPoints2: {93386410-5a71-11e1-9dc4-c83485033601} - H:\AutoRun.exe

MountPoints2: {b1a76898-e639-11e1-a47c-d7bdb6205215} - F:\AutoRun.exe

MountPoints2: {b1a7689c-e639-11e1-a47c-d7bdb6205215} - F:\AutoRun.exe

MountPoints2: {b57c4aab-1fd8-11e1-970d-96cd778e2036} - J:\AutoRun.exe

MountPoints2: {b57c4aaf-1fd8-11e1-970d-96cd778e2036} - J:\AutoRun.exe

MountPoints2: {d6c996a7-61c2-11e0-9837-b73251542568} - I:\autorun.exe

MountPoints2: {dcac8041-c4fd-11e1-a4ad-806e6f6e6963} - F:\EAWXLauncher.exe

MountPoints2: {e68a8043-fd8c-11e0-9864-88f24a0f2662} - J:\AutoRun.exe

MountPoints2: {e68a8047-fd8c-11e0-9864-88f24a0f2662} - H:\AutoRun.exe

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-03] (Advanced Micro Devices, Inc.)

AppInit_DLLs-x32: c:\progra~4\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ ] ()

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFB3865A8AEDECB01

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

URLSearchHook: (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {B87D517D-37D3-4ECA-B1AD-DD0987BBDDE9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN15765694262647729&UM=1&SSPV=TB_TS7

SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={44BAB095-614A-45C5-B6BE-02213C1DD91A}&mid=2b3a49def34747d0b6d916a72c3389c2-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=pp011&pr=sa&d=2012-06-23 16:09:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {B87D517D-37D3-4ECA-B1AD-DD0987BBDDE9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN15765694262647729&UM=1&SSPV=TB_TS7

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO-x32: Plus-HD-2.3 - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)

BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: DealPly Shopping - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll No File

BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File

DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9 01 mswsock.dll File Not found ()

Winsock: Catalog9 02 mswsock.dll File Not found ()

Winsock: Catalog9 03 mswsock.dll File Not found ()

Winsock: Catalog9 04 mswsock.dll File Not found ()

Winsock: Catalog9 05 mswsock.dll File Not found ()

Winsock: Catalog9 06 mswsock.dll File Not found ()

Winsock: Catalog9 07 mswsock.dll File Not found ()

Winsock: Catalog9 08 mswsock.dll File Not found ()

Winsock: Catalog9 09 mswsock.dll File Not found ()

Winsock: Catalog9 10 mswsock.dll File Not found ()

Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9-x64 01 mswsock.dll File Not found ()

Winsock: Catalog9-x64 02 mswsock.dll File Not found ()

Winsock: Catalog9-x64 03 mswsock.dll File Not found ()

Winsock: Catalog9-x64 04 mswsock.dll File Not found ()

Winsock: Catalog9-x64 05 mswsock.dll File Not found ()

Winsock: Catalog9-x64 06 mswsock.dll File Not found ()

Winsock: Catalog9-x64 07 mswsock.dll File Not found ()

Winsock: Catalog9-x64 08 mswsock.dll File Not found ()

Winsock: Catalog9-x64 09 mswsock.dll File Not found ()

Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
 

Hosts: Hosts file not detected in the default directory

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default

FF user.js: detected! => C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\user.js

FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

FF SearchEngineOrder.1: Delta Search

FF SelectedSearchEngine: Delta Search

FF Homepage: hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?octid=CT2269050&ctid=CT2269050&SearchSource=2&CUI=UN18699443131722559&UM=1&sspv=TB_CH5&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Steffen\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\Babylon.xml

FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\BrowserDefender.xml

FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\delta.xml

FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\dvdvideosofttb-customized-web-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: No Name - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com

FF Extension: Yontoo - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\plugin@yontoo.com

FF Extension: DVDVideoSoftTB  - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

FF Extension: torntv2 - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\torntv2@torntv.com.xpi

FF Extension: No Name - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12

FF Extension: No Name - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12

FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox

FF Extension: No Name - C:\Program Files (x86)\RelevantKnowledge\firefox
 

Chrome: 

=======

CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C458001333ABAFC0&affID=119557&tt=160713_9127&tsp=4946"

CHR DefaultSearchURL: (Delta Search) - hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)

CHR Plugin: (DealPlyLive Update) - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

CHR Plugin: (Facebook Desktop) - C:\Users\Steffen\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Delta Toolbar) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.2_0

CHR Extension: (AVG Secure Search) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Plus-HD-2.3) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.17_0

CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx

CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Steffen\AppData\Roaming\BabSolution\CR\Delta.crx

CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx

CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx
 

==================== Services (Whitelisted) =================
 

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)

R2 idebusdr; C:\Windows\system32\ADIDTSFiltService.dll [6656 2009-07-14] (Oak Technology Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)

S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-09] ()

R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\Rtlservice.exe [36864 2010-04-16] (Realtek)

R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)

R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]

S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc [x]

S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc [x]

S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [x]

S2 Yontoo Desktop Updater; "C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe"
 

==================== Drivers (Whitelisted) ====================
 

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-08-10] ()

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-08-10] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
 

========================== Drivers MD5 =======================
 

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\atikmdag.sys 78546921D348E9F917E00B9ED8279C3C

C:\Windows\System32\DRIVERS\atikmpag.sys 619C03C378BE737B779E2CD9ECB9C778

C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49

C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\System32\drivers\AtihdW76.sys DBB487D09F56C674430AC454FD8BCAB9

C:\Windows\System32\drivers\AtiHdmi.sys 77C149E6D702737B2E372DEE166FAEF8

C:\Windows\System32\DRIVERS\atksgt.sys B4BDE3F758A34658A37DFED3D9783CD8

C:\Windows\system32\drivers\avgtpx64.sys A1F53D2A00E64679A1D81B61D2333D06

C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys C4943B6C962E4B82197542447AD599F4

C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit

C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B

C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A

C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ewusbmdm.sys CDAA8E257BB625B2387219E605DDE37D

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit

C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366

C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit

C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys DA1E991A61CFDD755A589E206B97644B

C:\Windows\System32\Drivers\ksecpkg.sys 7E33198D956943A4F11A5474C1E9106F

C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lirsgt.sys 955982BF4421B77722196552B62E8DC2

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910

C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC

C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163

C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C

C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8

C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD

C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RDPWD.sys 6D76E6433574B058ADCB0C50DF834492

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RTL8192su.sys 9F0926BC1544AC13E7F153E3E77B1B17

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B

C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28

C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3

C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit

C:\Windows\System32\drivers\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9

C:\Windows\System32\DRIVERS\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9

C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit

C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A

C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C

C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B

C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24

C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31

C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6

C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\xnacc.sys 4A5CE13408945E525503B5F73D29B9C5
 

==================== NetSvcs (Whitelisted) ===================
 

NETSVC: idebusdr -> C:\Windows\system32\ADIDTSFiltService.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
 

==================== One Month Created Files and Folders ========
 

2013-10-26 08:37 - 2013-10-24 18:23 - 01955412 _____ (Farbar) C:\Users\Steffen\Desktop\FRST64.exe

2013-10-25 14:58 - 2013-10-25 14:58 - 00000000 ____D C:\FRST

2013-10-25 12:37 - 2013-10-25 12:37 - 00002164 _____ C:\Users\Gast\Desktop\S.T.A.L.K.E.R. COP Trainer +10_.exe - Verknüpfung.lnk

2013-10-25 12:21 - 2013-10-25 12:21 - 00084698 _____ C:\Users\Gast\Desktop\Extras.Txt

2013-10-25 12:21 - 2013-10-25 12:21 - 00067742 _____ C:\Users\Gast\Desktop\OTL.Txt

2013-10-25 12:14 - 2013-10-25 12:14 - 00602112 _____ (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe

2013-10-25 10:23 - 2013-10-25 10:25 - 127231689 _____ (Igor Pavlov) C:\Users\Gast\Desktop\OTLPENet.exe

2013-10-25 10:09 - 2013-10-25 10:09 - 00274368 _____ C:\Windows\Minidump\102513-13962-01.dmp

2013-10-25 08:34 - 2013-10-25 08:34 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search

2013-10-24 22:38 - 2013-10-24 22:38 - 00274368 _____ C:\Windows\Minidump\102413-15787-01.dmp

2013-10-24 18:30 - 2013-10-24 18:30 - 00274368 _____ C:\Windows\Minidump\102413-16489-01.dmp

2013-10-24 16:25 - 2013-10-24 16:26 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner

2013-10-24 15:29 - 2013-10-24 15:29 - 00000460 _____ C:\Users\Gast\Documents\aswMBR.txt

2013-10-24 14:59 - 2013-10-24 14:59 - 00000000 ____D C:\Users\Gast\mbar

2013-10-24 14:51 - 2013-10-24 14:52 - 00000000 ____D C:\ProgramData\Oracle

2013-10-24 08:39 - 2013-10-24 10:39 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Petroglyph

2013-10-24 08:37 - 2013-10-24 08:37 - 00027648 _____ C:\Users\Gast\Desktop\ModLauncher.exe

2013-10-23 21:20 - 2013-10-23 21:20 - 00000000 ____D C:\Users\Gast\AppData\Roaming\WinRAR

2013-10-23 19:02 - 2013-10-23 19:02 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-10-23 17:56 - 2013-10-23 17:57 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe

2013-10-23 17:28 - 2013-10-25 10:09 - 385355457 _____ C:\Windows\MEMORY.DMP

2013-10-23 17:28 - 2013-10-23 17:28 - 00274368 _____ C:\Windows\Minidump\102313-22932-01.dmp

2013-10-23 15:57 - 2013-10-23 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\Google

2013-10-23 15:57 - 2013-10-23 17:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe

2013-10-23 15:57 - 2013-10-23 15:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google

2013-10-23 15:57 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia

2013-10-23 15:52 - 2013-10-23 15:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes

2013-10-23 08:50 - 2013-10-23 15:24 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard

2013-10-21 14:14 - 2013-10-21 14:14 - 00001821 _____ C:\Users\Steffen\Desktop\Stargate - Verknüpfung.lnk

2013-10-21 13:47 - 2013-10-23 09:38 - 00000000 ____D C:\Users\Steffen\Desktop\Babylon 5 Wars

2013-10-17 09:17 - 2013-10-17 09:17 - 00027648 _____ C:\Users\Steffen\Desktop\ModLauncher.exe

2013-10-08 21:35 - 2013-10-08 21:35 - 00000000 ____D C:\Users\Steffen\AppData\Local\Targem

2013-10-08 20:45 - 2013-10-08 20:45 - 00000222 _____ C:\Users\Steffen\Desktop\Star Conflict.url

2013-10-08 20:03 - 2013-10-08 20:03 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

2013-10-08 12:50 - 2013-10-08 12:59 - 00000000 ____D C:\ProgramData\WarThunder

2013-10-08 12:50 - 2013-10-08 12:50 - 00000000 ____D C:\Users\Steffen\AppData\Local\WarThunder

2013-10-08 10:49 - 2013-10-08 10:49 - 00000222 _____ C:\Users\Steffen\Desktop\War Thunder.url

2013-10-08 09:44 - 2013-10-08 09:44 - 00003156 _____ C:\Windows\System32\Tasks\{EB9FF8E1-7E37-413B-811D-EF5CD26E5573}

2013-10-08 08:19 - 2013-10-08 08:19 - 00000000 ____D C:\Users\Steffen\AppData\Local\Chromium

2013-10-07 12:24 - 2013-10-17 14:37 - 00000178 _____ C:\Users\Steffen\Desktop\Age of Conan Unchained - EU version.url

2013-10-06 16:29 - 2013-10-06 16:30 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\MinerWars

2013-10-06 16:28 - 2013-10-06 16:28 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-06 15:41 - 2013-10-06 15:41 - 00000222 _____ C:\Users\Steffen\Desktop\Jagged Alliance Online - Steam Edition.url

2013-09-28 23:11 - 2013-09-28 23:11 - 00414241 _____ C:\Uninstall.ini

2013-09-26 20:58 - 2013-09-26 20:58 - 00003288 _____ C:\Windows\System32\Tasks\{4A8C961A-01B8-4F5C-9F69-8316C44F007C}

2013-09-26 20:48 - 2013-09-26 20:48 - 00000000 ____D C:\ProgramData\ATI

2013-09-26 20:48 - 2013-09-26 20:48 - 00000000 ____D C:\Program Files (x86)\AMD APP

2013-09-26 20:46 - 2013-09-26 20:46 - 00018357 _____ C:\Windows\SysWOW64\CCCInstall_201309262046523347.log

2013-09-26 20:46 - 2013-09-26 20:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2013-09-26 20:43 - 2013-09-26 20:43 - 00000000 ____D C:\AMD
 

==================== One Month Modified Files and Folders =======
 

2013-10-26 08:37 - 2010-10-04 06:53 - 01059589 _____ C:\Windows\WindowsUpdate.log

2013-10-26 08:36 - 2013-07-21 18:18 - 00001198 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job

2013-10-26 08:36 - 2013-07-21 18:16 - 00001910 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job

2013-10-26 08:35 - 2013-07-21 18:17 - 00001202 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job

2013-10-26 08:35 - 2013-07-21 18:17 - 00001102 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job

2013-10-26 08:35 - 2013-07-21 18:17 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job

2013-10-26 08:35 - 2013-07-21 18:16 - 00001834 _____ C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job

2013-10-26 08:35 - 2013-06-09 05:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2013-10-26 08:35 - 2013-06-04 18:13 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-10-26 08:35 - 2012-03-06 17:45 - 00000406 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job

2013-10-26 08:35 - 2011-03-10 01:20 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-26 08:31 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-26 08:31 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-26 08:25 - 2013-04-01 21:42 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Yontoo

2013-10-26 08:24 - 2011-03-24 10:13 - 00000000 ____D C:\Program Files (x86)\Steam

2013-10-26 08:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-26 08:24 - 2009-07-14 06:51 - 00325544 _____ C:\Windows\setupact.log

2013-10-25 22:22 - 2013-07-21 18:17 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job

2013-10-25 22:22 - 2011-03-10 01:20 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-25 22:16 - 2013-07-21 18:16 - 00000298 _____ C:\Windows\Tasks\Dealply.job

2013-10-25 21:45 - 2013-02-03 17:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-25 21:38 - 2012-04-13 21:21 - 00001146 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000UA.job

2013-10-25 19:08 - 2011-09-28 15:25 - 00000000 ____D C:\Users\Steffen\Desktop\Games

2013-10-25 18:38 - 2012-04-13 21:21 - 00001124 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000Core.job

2013-10-25 17:49 - 2010-10-05 11:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-10-25 17:29 - 2013-08-30 08:42 - 00000104 _____ C:\Users\Steffen\Desktop\firefoxmodsite.txt

2013-10-25 15:58 - 2010-10-04 07:02 - 00000000 ___RD C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-25 14:58 - 2013-10-25 14:58 - 00000000 ____D C:\FRST

2013-10-25 12:37 - 2013-10-25 12:37 - 00002164 _____ C:\Users\Gast\Desktop\S.T.A.L.K.E.R. COP Trainer +10_.exe - Verknüpfung.lnk

2013-10-25 12:21 - 2013-10-25 12:21 - 00084698 _____ C:\Users\Gast\Desktop\Extras.Txt

2013-10-25 12:21 - 2013-10-25 12:21 - 00067742 _____ C:\Users\Gast\Desktop\OTL.Txt

2013-10-25 12:14 - 2013-10-25 12:14 - 00602112 _____ (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe

2013-10-25 10:25 - 2013-10-25 10:23 - 127231689 _____ (Igor Pavlov) C:\Users\Gast\Desktop\OTLPENet.exe

2013-10-25 10:09 - 2013-10-25 10:09 - 00274368 _____ C:\Windows\Minidump\102513-13962-01.dmp

2013-10-25 10:09 - 2013-10-23 17:28 - 385355457 _____ C:\Windows\MEMORY.DMP

2013-10-25 10:09 - 2011-07-26 19:28 - 00000000 ____D C:\Windows\Minidump

2013-10-25 08:34 - 2013-10-25 08:34 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search

2013-10-24 22:38 - 2013-10-24 22:38 - 00274368 _____ C:\Windows\Minidump\102413-15787-01.dmp

2013-10-24 18:30 - 2013-10-24 18:30 - 00274368 _____ C:\Windows\Minidump\102413-16489-01.dmp

2013-10-24 18:23 - 2013-10-26 08:37 - 01955412 _____ (Farbar) C:\Users\Steffen\Desktop\FRST64.exe

2013-10-24 18:03 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat

2013-10-24 18:03 - 2009-07-14 19:58 - 00148144 _____ C:\Windows\system32\perfc007.dat

2013-10-24 18:03 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-24 16:27 - 2011-04-07 08:16 - 00000000 ____D C:\Users\Gast

2013-10-24 16:26 - 2013-10-24 16:25 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner

2013-10-24 15:29 - 2013-10-24 15:29 - 00000460 _____ C:\Users\Gast\Documents\aswMBR.txt

2013-10-24 14:59 - 2013-10-24 14:59 - 00000000 ____D C:\Users\Gast\mbar

2013-10-24 14:52 - 2013-10-24 14:51 - 00000000 ____D C:\ProgramData\Oracle

2013-10-24 10:39 - 2013-10-24 08:39 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Petroglyph

2013-10-24 08:37 - 2013-10-24 08:37 - 00027648 _____ C:\Users\Gast\Desktop\ModLauncher.exe

2013-10-23 21:57 - 2013-04-01 17:04 - 00000000 ____D C:\Program Files (x86)\RelevantKnowledge

2013-10-23 21:20 - 2013-10-23 21:20 - 00000000 ____D C:\Users\Gast\AppData\Roaming\WinRAR

2013-10-23 21:13 - 2009-07-14 06:45 - 00006144 _____ C:\Windows\system32\umstartup.etl

2013-10-23 19:15 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Local\Google

2013-10-23 19:02 - 2013-10-23 19:02 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-10-23 17:57 - 2013-10-23 17:56 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe

2013-10-23 17:57 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe

2013-10-23 17:56 - 2011-11-14 19:17 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk

2013-10-23 17:56 - 2011-11-14 19:17 - 00000000 ____D C:\ProgramData\Adobe

2013-10-23 17:28 - 2013-10-23 17:28 - 00274368 _____ C:\Windows\Minidump\102313-22932-01.dmp

2013-10-23 15:58 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google

2013-10-23 15:57 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia

2013-10-23 15:52 - 2013-10-23 15:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes

2013-10-23 15:52 - 2011-04-07 08:17 - 00058144 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-23 15:51 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-23 15:25 - 2011-02-11 15:12 - 00481436 _____ C:\Windows\PFRO.log

2013-10-23 15:24 - 2013-10-23 08:50 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard

2013-10-23 15:23 - 2013-07-21 18:16 - 00000000 ____D C:\Program Files (x86)\DealPly

2013-10-23 09:38 - 2013-10-21 13:47 - 00000000 ____D C:\Users\Steffen\Desktop\Babylon 5 Wars

2013-10-22 15:55 - 2011-09-27 18:36 - 00000000 ____D C:\Users\Steffen\Desktop\Stoner-Doom Metal

2013-10-22 14:05 - 2013-06-06 16:32 - 00006633 _____ C:\Users\Public\Documents\stalke~1.ltx

2013-10-22 09:49 - 2013-09-07 00:06 - 00000000 ____D C:\Users\Steffen\Desktop\Doom 2

2013-10-21 14:14 - 2013-10-21 14:14 - 00001821 _____ C:\Users\Steffen\Desktop\Stargate - Verknüpfung.lnk

2013-10-20 13:42 - 2013-09-02 22:21 - 00000000 ____D C:\Users\Steffen\Desktop\Space Battleships

2013-10-20 12:08 - 2010-11-21 20:53 - 00000000 ____D C:\Users\Steffen\Documents\My Games

2013-10-18 10:25 - 2013-07-13 12:54 - 00002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-10-17 14:37 - 2013-10-07 12:24 - 00000178 _____ C:\Users\Steffen\Desktop\Age of Conan Unchained - EU version.url

2013-10-17 09:17 - 2013-10-17 09:17 - 00027648 _____ C:\Users\Steffen\Desktop\ModLauncher.exe

2013-10-16 10:24 - 2013-08-23 08:28 - 00000000 ____D C:\Users\Steffen\Desktop\Star Wars Mods

2013-10-16 09:57 - 2013-01-12 13:20 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phoenix Rising

2013-10-09 15:17 - 2011-03-10 01:20 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-09 15:17 - 2011-03-10 01:20 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-09 10:45 - 2013-02-03 17:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 10:45 - 2012-06-05 21:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 10:45 - 2012-06-05 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 00:15 - 2013-09-13 19:40 - 00000000 ____D C:\ProgramData\BitGuard

2013-10-08 21:35 - 2013-10-08 21:35 - 00000000 ____D C:\Users\Steffen\AppData\Local\Targem

2013-10-08 20:45 - 2013-10-08 20:45 - 00000222 _____ C:\Users\Steffen\Desktop\Star Conflict.url

2013-10-08 20:30 - 2013-09-16 09:45 - 00000000 ____D C:\Users\Steffen\Desktop\Codex

2013-10-08 20:03 - 2013-10-08 20:03 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

2013-10-08 12:59 - 2013-10-08 12:50 - 00000000 ____D C:\ProgramData\WarThunder

2013-10-08 12:57 - 2011-08-10 12:10 - 00000000 ___HD C:\Windows\msdownld.tmp

2013-10-08 12:57 - 2011-08-10 12:10 - 00000000 ____D C:\Windows\SysWOW64\directx

2013-10-08 12:50 - 2013-10-08 12:50 - 00000000 ____D C:\Users\Steffen\AppData\Local\WarThunder

2013-10-08 10:49 - 2013-10-08 10:49 - 00000222 _____ C:\Users\Steffen\Desktop\War Thunder.url

2013-10-08 09:44 - 2013-10-08 09:44 - 00003156 _____ C:\Windows\System32\Tasks\{EB9FF8E1-7E37-413B-811D-EF5CD26E5573}

2013-10-08 08:19 - 2013-10-08 08:19 - 00000000 ____D C:\Users\Steffen\AppData\Local\Chromium

2013-10-07 13:42 - 2011-11-21 15:55 - 00000000 ___RD C:\Users\Steffen\Desktop\FILME!!!

2013-10-07 13:14 - 2010-10-04 07:41 - 00000000 ____D C:\Users\Steffen\Desktop\Krempel

2013-10-07 11:19 - 2012-06-10 15:35 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\uTorrent

2013-10-06 16:30 - 2013-10-06 16:29 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\MinerWars

2013-10-06 16:28 - 2013-10-06 16:28 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-06 15:41 - 2013-10-06 15:41 - 00000222 _____ C:\Users\Steffen\Desktop\Jagged Alliance Online - Steam Edition.url

2013-10-05 23:09 - 2013-09-25 20:56 - 00000890 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk

2013-10-05 12:56 - 2010-06-16 16:52 - 00000000 ____D C:\Program Data

2013-10-04 00:20 - 2010-10-04 07:37 - 00475388 _____ C:\Windows\DirectX.log

2013-10-02 09:13 - 2013-06-27 10:12 - 00003728 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

2013-10-02 09:12 - 2012-06-23 16:09 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-10-02 09:10 - 2012-11-30 08:05 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-09-28 23:11 - 2013-09-28 23:11 - 00414241 _____ C:\Uninstall.ini

2013-09-28 23:11 - 2011-03-04 16:31 - 00273164 _____ C:\Uninstall.exe

2013-09-26 20:58 - 2013-09-26 20:58 - 00003288 _____ C:\Windows\System32\Tasks\{4A8C961A-01B8-4F5C-9F69-8316C44F007C}

2013-09-26 20:48 - 2013-09-26 20:48 - 00000000 ____D C:\ProgramData\ATI

2013-09-26 20:48 - 2013-09-26 20:48 - 00000000 ____D C:\Program Files (x86)\AMD APP

2013-09-26 20:48 - 2010-10-04 07:58 - 00000000 ____D C:\Program Files (x86)\ATI Technologies

2013-09-26 20:48 - 2010-10-04 07:57 - 00000000 ____D C:\Program Files\ATI Technologies

2013-09-26 20:46 - 2013-09-26 20:46 - 00018357 _____ C:\Windows\SysWOW64\CCCInstall_201309262046523347.log

2013-09-26 20:46 - 2013-09-26 20:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2013-09-26 20:43 - 2013-09-26 20:43 - 00000000 ____D C:\AMD
 

ZeroAccess:

C:\Windows\System32\consrv.dll
 

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini
 

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini
 

Some content of TEMP:

====================

C:\Users\Gast\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Gast\AppData\Local\Temp\InstHelper.exe

C:\Users\Gast\AppData\Local\Temp\Quarantine.exe

C:\Users\Gast\AppData\Local\Temp\Uninstall_2.exe

C:\Users\Steffen\AppData\Local\Temp\CH.dll

C:\Users\Steffen\AppData\Local\Temp\_is5FFD.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 

==================== BCD ================================
 

Windows-Start-Manager

---------------------

Bezeichner              {bootmgr}

device                  partition=D:

description             Windows Boot Manager

locale                  de-DE

inherit                 {globalsettings}

default                 {current}

resumeobject            {00b1d430-3bf6-11df-b345-6cf0490f0c84}

displayorder            {current}

                        {00b1d42d-3bf6-11df-b345-6cf0490f0c84}

toolsdisplayorder       {memdiag}

timeout                 30
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {00b1d42d-3bf6-11df-b345-6cf0490f0c84}

device                  partition=D:

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  de-DE

inherit                 {bootloadersettings}

recoverysequence        {00b1d42e-3bf6-11df-b345-6cf0490f0c84}

recoveryenabled         Yes

osdevice                partition=D:

systemroot              \Windows

resumeobject            {00b1d42c-3bf6-11df-b345-6cf0490f0c84}

nx                      OptIn

detecthal               Yes
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {00b1d42e-3bf6-11df-b345-6cf0490f0c84}

device                  ramdisk=[D:]\Recovery\00b1d42e-3bf6-11df-b345-6cf0490f0c84\Winre.wim,{00b1d42f-3bf6-11df-b345-6cf0490f0c84}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[D:]\Recovery\00b1d42e-3bf6-11df-b345-6cf0490f0c84\Winre.wim,{00b1d42f-3bf6-11df-b345-6cf0490f0c84}

systemroot              \windows

nx                      OptIn

winpe                   Yes
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {current}

device                  partition=C:

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  de-DE

inherit                 {bootloadersettings}

recoverysequence        {00b1d432-3bf6-11df-b345-6cf0490f0c84}

recoveryenabled         Yes

osdevice                partition=C:

systemroot              \Windows

resumeobject            {00b1d430-3bf6-11df-b345-6cf0490f0c84}

nx                      OptIn
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {00b1d432-3bf6-11df-b345-6cf0490f0c84}

device                  ramdisk=[C:]\Recovery\00b1d432-3bf6-11df-b345-6cf0490f0c84\Winre.wim,{00b1d433-3bf6-11df-b345-6cf0490f0c84}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\00b1d432-3bf6-11df-b345-6cf0490f0c84\Winre.wim,{00b1d433-3bf6-11df-b345-6cf0490f0c84}

systemroot              \windows

nx                      OptIn

winpe                   Yes
 

Wiederaufnahme aus dem Ruhezustand

----------------------------------

Bezeichner              {00b1d42c-3bf6-11df-b345-6cf0490f0c84}

device                  partition=D:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  de-DE

inherit                 {resumeloadersettings}

filedevice              partition=D:

filepath                \hiberfil.sys

debugoptionenabled      No
 

Wiederaufnahme aus dem Ruhezustand

----------------------------------

Bezeichner              {00b1d430-3bf6-11df-b345-6cf0490f0c84}

device                  partition=C:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  de-DE

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

debugoptionenabled      No
 

Windows-Speichertestprogramm

----------------------------

Bezeichner              {memdiag}

device                  partition=D:

path                    \boot\memtest.exe

description             Windows-Speicherdiagnose

locale                  de-DE

inherit                 {globalsettings}

badmemoryaccess         Yes
 

EMS-Einstellungen

-----------------

Bezeichner              {emssettings}

bootems                 Yes
 

Debuggereinstellungen

---------------------

Bezeichner              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200
 

RAM-Defekte

-----------

Bezeichner              {badmemory}
 

Globale Einstellungen

---------------------

Bezeichner              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}
 

Startladeprogramm-Einstellungen

-------------------------------

Bezeichner              {bootloadersettings}

inherit                 {globalsettings}

                        {hypervisorsettings}
 

Hypervisoreinstellungen

-------------------

Bezeichner              {hypervisorsettings}

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200
 

Einstellungen zur Ladeprogrammfortsetzung

-----------------------------------------

Bezeichner              {resumeloadersettings}

inherit                 {globalsettings}
 

Ger„teoptionen

--------------

Bezeichner              {00b1d42f-3bf6-11df-b345-6cf0490f0c84}

description             Ramdisk Options

ramdisksdidevice        partition=D:

ramdisksdipath          \Recovery\00b1d42e-3bf6-11df-b345-6cf0490f0c84\boot.sdi
 

Ger„teoptionen

--------------

Bezeichner              {00b1d433-3bf6-11df-b345-6cf0490f0c84}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\00b1d432-3bf6-11df-b345-6cf0490f0c84\boot.sdi
 
 
 

LastRegBack: 2013-10-25 12:33
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2013

Ran by Steffen at 2013-10-26 08:38:48

Running from C:\Users\Steffen\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

«Sigerous Mod v2.1» (x32)

µTorrent (x32 Version: 3.3.0.29625)

7-Zip 9.20 (x32)

7-Zip Free Download Packages (HKCU)

Adobe Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Reader 8.1.1 (x32 Version: 8.1.1)

Age of Conan: Unchained - EU version (x32)

Alien Rage - Demo (x32)

Alliance4.7B (x32)

AllianceCW0.5B (x32)

AllianceL2.42 (x32)

AllianceSTTOS1.0X (x32)

AllianceSTTOS2.0 (x32)

AMD APP SDK Runtime (Version: 2.5.732.1)

AMD AVIVO64 Codecs (Version: 11.6.0.11003)

AMD Catalyst Install Manager (Version: 3.0.842.0)

AMD Drag and Drop Transcoding (Version: 2.00.0000)

AMD Media Foundation Decoders (Version: 1.0.61003.1205)

ANNO 2070 DEMO (x32 Version: 1.0.0.0)

ARS Call of Pripyat Mod 0.5 (x32)

AVG Security Toolbar (x32 Version: 17.0.1.12)

Awakening of the Rebellion - Return of the Gameplay 1.1  (x32 Version: 1.1)

Awakening of the Rebellion (x32 Version: 2.5 RC-9d)

Awakening of the Rebellion 2.05 (x32)

Battleships Forever v0.90d (x32)

BattlEye Uninstall (x32)

BitGuard (x32)

BlackOps: Unleashed Unitpack 1 (x32)

Borderlands (x32 Version: 1.0.295)

Borderlands 2 (x32)

Brink (x32)

Carrier Command: Gaea Mission Demo (x32)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center (x32 Version: 2011.1003.1201.19668)

Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1003.1201.19668)

Catalyst Control Center InstallProxy (x32 Version: 2011.1003.1201.19668)

Catalyst Control Center Localization All (x32 Version: 2011.1003.1201.19668)

CCC Help Chinese Standard (x32 Version: 2011.1003.1200.19668)

CCC Help Chinese Traditional (x32 Version: 2011.1003.1200.19668)

CCC Help Czech (x32 Version: 2011.1003.1200.19668)

CCC Help Danish (x32 Version: 2011.1003.1200.19668)

CCC Help Dutch (x32 Version: 2011.1003.1200.19668)

CCC Help English (x32 Version: 2011.1003.1200.19668)

CCC Help Finnish (x32 Version: 2011.1003.1200.19668)

CCC Help French (x32 Version: 2011.1003.1200.19668)

CCC Help German (x32 Version: 2011.1003.1200.19668)

CCC Help Greek (x32 Version: 2011.1003.1200.19668)

CCC Help Hungarian (x32 Version: 2011.1003.1200.19668)

CCC Help Italian (x32 Version: 2011.1003.1200.19668)

CCC Help Japanese (x32 Version: 2011.1003.1200.19668)

CCC Help Korean (x32 Version: 2011.1003.1200.19668)

CCC Help Norwegian (x32 Version: 2011.1003.1200.19668)

CCC Help Polish (x32 Version: 2011.1003.1200.19668)

CCC Help Portuguese (x32 Version: 2011.1003.1200.19668)

CCC Help Russian (x32 Version: 2011.1003.1200.19668)

CCC Help Spanish (x32 Version: 2011.1003.1200.19668)

CCC Help Swedish (x32 Version: 2011.1003.1200.19668)

CCC Help Thai (x32 Version: 2011.1003.1200.19668)

CCC Help Turkish (x32 Version: 2011.1003.1200.19668)

ccc-utility64 (Version: 2011.1003.1201.19668)

Centurion - Defender of Rome (x32)

Cisco EAP-FAST Module (x32 Version: 2.2.14)

Cisco LEAP Module (x32 Version: 1.0.19)

Cisco PEAP Module (x32 Version: 1.1.6)

Command & Conquer 3 (x32 Version: 1.00.0000)

Crusader Kings II Demo (x32)

Crysis(R) (x32 Version: 1.00.0000)

D3DX10 (x32 Version: 15.4.2368.0902)

Dawn of War - Dark Crusade (x32 Version: 1.00.0000)

Dawn of War II - Destroyer 40k (x32)

Dealply (HKCU)

DealPly (remove only) (x32 Version: 4.8.7.2)

Delta Chrome Toolbar (x32)

DIE SIEDLER - Aufstieg eines Königreichs (x32 Version: 1.00.0000)

DJ OldGames Package: Dune 2000 (x32 Version: 1.0.4.0)

DoW40K:Firestorm over Kronus Beta 3.5 (HKCU)

DVDVideoSoftTB Toolbar (x32 Version: 6.15.0.27)

EB Documentation 1.1 (x32)

Emulator Starter (HKCU Version: 1.0.0.73)

Endless Space (x32)

Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)

Faction Fronts Clear Sky 1.2.3 (x32 Version: 1.2.3)

Far Cry 3 (x32 Version: 1.05)

File Type Assistant (x32)

Final Media Player 2011 (x32)

Free File Viewer 2011 (x32)

Free YouTube to MP3 Converter version 3.11.35.1031 (x32 Version: 3.11.35.1031)

Geonezis addon for SGM 2.0, âåðñèÿ 2.0 (x32 Version: 2.0)

Google Chrome (x32 Version: 30.0.1599.101)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.21.165)

GPGNet (x32 Version: 1.0.0)

Gratuitous Space Battles - Demo (x32)

HydraVision (x32 Version: 4.2.212.0)

IL-2 Sturmovik: Forgotten Battles AEP (x32 Version: 1.00.0000)

Imperial Civil War 2.0 (HKCU)

Inquisition Daemonhunt (x32)

Iron Sky Invasion Demo (x32)

Jagged Alliance Online - Steam Edition (x32)

Java(TM) 6 Update 37 (64-bit) (Version: 6.0.370)

JNLP (HKCU)

KILLERMODPACK 2 English update (HKCU)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

McAfee Security Scan Plus (x32 Version: 3.0.285.6)

Medieval II Total War (x32 Version: 1.03.000)

Medieval II Total War : Kingdoms : Americas (x32 Version: 1.03.000)

Medieval II Total War : Kingdoms : Britannia (x32 Version: 1.03.000)

Metro 2033 (x32)

Metro: Last Light (x32)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)

Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)

Microsoft Rise Of Nations (x32)

Microsoft Silverlight (x32 Version: 4.1.10329.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)

Miner Wars 2081 Demo (x32)

MISERY for S.T.A.L.K.E.R - Call of Pripyat (x32)

Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)

Mozilla Maintenance Service (x32 Version: 22.0)

Mplayer.com (x32)

MSVCRT (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

MSXML4 Parser (x32 Version: 1.0.0)

Naval War: Arctic Circle Demo (x32)

NVIDIA PhysX (x32 Version: 9.12.1031)

Oblivion (x32 Version: 1.2.0416)

OpenAL (x32)

Osoznanie-MOD 8.5 (x32 Version: 8.5)

Pacific Fighters (x32 Version: 1.00.0000)

Pando Media Booster (x32 Version: 2.6.0.7)

Plus-HD-2.3 (x32 Version: 1.27.153.8)

PunkBuster Services (x32 Version: 0.993)

R.U.S.E (x32)

RAGE (x32)

REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0155)

RelevantKnowledge (x32 Version: 1.3.336.320)

Republic at War 1.1 (x32)

Republic at War 1.1.5 (x32 Version: 1.1.5)

RESIDENT EVIL 5 (x32 Version: 1.0.0.129)

RESIDENT EVIL 6 / BIOHAZARD 6 (x32)

Rise of Nations Thrones and Patriots (x32)

Roma Surrectum II 2.5 (x32 Version: 2.5)

S.A.T.-Zaton ver. 1.00 (x32)

S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01] (x32 Version: 1.6.01)

S.T.A.L.K.E.R. - Dead City Mod 4.80 (x32)

S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005] (x32 Version: 1.0005)

S.T.A.L.K.E.R. Nature Winter 2.3 (x32 Version: 2.0)

S.T.A.L.K.E.R.: Ïóòü â Íèêóäà version 1.1 (x32 Version: 1.1)

S.T.A.L.K.E.R_Долина Шорохов (x32)

S.T.A.L.K.E.R_Смерти вопреки (x32 Version: S.T.A.L.K.E.R_Смерти вопреки)

Sid Meier's Civilization 4 (x32 Version: 1.00.0000)

Sins of a Solar Empire (x32 Version: 1.05)

Sins of a Solar Empire (x32)

SOTE1.0B (x32)

Star Conflict (x32)

Star Trek Legacy (x32 Version: 1.00.0000)

Star Wars Empire at War (x32 Version: 1.0)

Star Wars Empire at War Forces of Corruption (x32 Version: 1.0)

Star Wars Galactic Battlegrounds Trial (x32)

StarCraft II (x32 Version: 2.0.7.25293)

Starfleet Command (x32)

Starpoint Gemini (x32 Version: 1.010 DE)

Steam (x32 Version: 1.0.0.0)

Supreme Commander - Forged Alliance (x32 Version: 1.00.0000)

Supreme Commander (x32 Version: 1.00.0000)

Supreme Commander 2 (x32)

Sword of the Stars II: Enhanced Edition (x32)

The Cursed Zone (BETA) version 1.0 (x32 Version: 1.0)

The Elder Scrolls V: Skyrim (x32)

Tom Clancy's EndWar (x32 Version: 1.00.0000)

Tom Clancy's H.A.W.X (x32 Version: 1.00.00000)

Torchlight (x32 Version: 1.0.0)

Tryst Demo (x32)

UA Grand Release (x32)

UEAW v4  (x32)

Uninstall 1.0.0.1 (x32)

Unstoppable Gorg Demo (x32 Version: 1.0.4.16)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Uplay (x32 Version: 2.0)

VASSAL (3.2.5) (x32 Version: 3.2.5)

War Thunder (x32)

Wargame: AirLand Battle (x32)

Warhammer 40,000: Space Marine Demo (x32)

Warhammer® 40,000™: Dawn of War® II (x32)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3555.0308)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

WinRAR (x32)

WORLD IN CONFLICT (x32 Version: 1.0.1.0)

World in Conflict MW Mod 3.5 (HKCU)

Xfire (remove only) (x32)

Yontoo 2.051 (Version: 2.051)
 

==================== Restore Points  =========================
 

25-10-2013 15:46:08 Entfernt Star Wars(TM): Empire at War(TM): Forces of Corruption(ršw¡ršw¡{“©9¤™-¶Ñ9ÔÑ9Ô{“nÞGFa

25-10-2013 15:49:13 Installiert Star Wars Empire at War Forces of Corruption
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {064E7534-7B41-4184-94FE-759186107034} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10] (Google Inc.)

Task: {06F124ED-BF54-4099-B7B1-C776827CF66B} - System32\Tasks\At42 => C:\Windows\system32\qQytqRx.com_

Task: {091EB7D9-725A-4556-9571-96D9EFF334AF} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-07-21] (Plus HD)

Task: {0C53374D-0804-4184-89B3-AFF896E9FB8E} - System32\Tasks\{4BB256FB-096A-48B8-BAD6-3228648AD947} => C:\Program Files (x86)\PAN Interactive\Dominion Wars\Ds9dw.exe

Task: {0E97C431-C5AA-48E3-90D5-4499FB431883} - System32\Tasks\At13 => C:\Windows\system32\qQytqRx.com

Task: {102C0C96-FE14-4871-A1AC-971BEAA28902} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-02-28] (Trusted Software ApS)

Task: {10C1396F-106D-4FC8-8997-5DD5CA40EEBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10] (Google Inc.)

Task: {121DA167-ACBB-4172-BB65-F7FA6C7A29B7} - System32\Tasks\At11 => C:\Windows\system32\qQytqRx.com

Task: {12807481-B2AE-43A7-B9E4-3D49956BE9CA} - System32\Tasks\At5 => C:\Windows\system32\qQytqRx.com

Task: {1351D6BA-15C8-4D1D-A233-28F5CAF9AF68} - System32\Tasks\At32 => C:\Windows\system32\qQytqRx.com_

Task: {1546196A-9F25-4C26-860C-E42736C702AE} - System32\Tasks\At2 => C:\Windows\system32\qQytqRx.com_

Task: {170CEF17-8962-42D0-A65C-90D574CE7610} - System32\Tasks\{EC62E532-912A-4D1C-AC64-BC37C4DDE3A2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/abandoninstall?source=lightinstaller&amp;page=tsInstall&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered

Task: {19CBEC6D-B09F-43EE-A9D9-5D7D8B74671C} - System32\Tasks\{974978C7-074A-425A-9F00-F8B55CA0A099} => C:\Users\Steffen\Desktop\Dune 2\SETUP.EXE

Task: {1C09ED16-71F6-4AC3-A896-4480FFD6AD5E} - System32\Tasks\At18 => C:\Windows\system32\qQytqRx.com_

Task: {1DA0CB3D-5B66-4DC8-B0A4-1BA26A1B7B81} - System32\Tasks\At14 => C:\Windows\system32\qQytqRx.com_

Task: {212B7D57-E3CC-4B13-BAF5-7139F3C8DCA8} - System32\Tasks\At46 => C:\Windows\system32\qQytqRx.com_

Task: {21C8876C-BBC2-4E58-BB46-696447358760} - System32\Tasks\At25 => C:\Windows\system32\qQytqRx.com

Task: {2428A40B-293F-42C6-BAC4-0B22BA85886E} - System32\Tasks\At19 => C:\Windows\system32\qQytqRx.com

Task: {24AF90E4-6BE6-4E96-93EB-A779BD6F9C82} - System32\Tasks\At31 => C:\Windows\system32\qQytqRx.com

Task: {27D52A49-3AD2-4B87-96D6-86D2A8A4D3BB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000UA => C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-21] (Facebook Inc.)

Task: {291C382E-A587-45DA-BFCB-EECEF494A824} - System32\Tasks\At45 => C:\Windows\system32\qQytqRx.com

Task: {2B3FAB53-C9A8-473C-941B-416C0961DD10} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe

Task: {2B7EA7BD-784C-42C5-B5B0-8AF5B629909F} - System32\Tasks\At27 => C:\Windows\system32\qQytqRx.com

Task: {2C773D9E-51CA-4A25-BC07-E5D94B7AD5EA} - System32\Tasks\At28 => C:\Windows\system32\qQytqRx.com_

Task: {3205D64D-3A0F-499D-83FE-C8708C92ED51} - System32\Tasks\{7C983556-0874-4FEB-98B5-761DF3C0B9F7} => C:\Users\Steffen\Desktop\Dune2\DUNE2\SETUP.EXE

Task: {33796F14-0362-46EB-A2FD-A67D037ADA42} - System32\Tasks\At3 => C:\Windows\system32\qQytqRx.com

Task: {34CD46C5-7670-4254-B12C-3AFC4533D3F7} - System32\Tasks\{E0B24DA5-6AF1-4A98-92A2-BAA27B0583DE} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.1.0.112.259&amp;LastError=12002

Task: {365D3F23-DA6C-4377-B9A6-171FA0084E20} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe

Task: {3718E38C-50E9-4EC9-BD6C-B29F0495C2AF} - System32\Tasks\At24 => C:\Windows\system32\qQytqRx.com_

Task: {39C3F108-1436-4F81-91E4-823CF34AC214} - System32\Tasks\At44 => C:\Windows\system32\qQytqRx.com_

Task: {39D55F9E-C11D-44F6-910A-E786E889EFD7} - System32\Tasks\BitGuard => Sc.exe start BitGuard

Task: {3FD6D6B6-6C9C-44AD-B338-C5DE7CBF1870} - System32\Tasks\At43 => C:\Windows\system32\qQytqRx.com

Task: {40BE47B0-7336-42A9-A43E-9054D07C5D12} - System32\Tasks\EPUpdater => C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] ()

Task: {42AD0655-7001-444D-A502-46D6656F6A5A} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{3F608011-468D-4A60-B51C-4333C0C457E4}.exe

Task: {43918F3D-4C1E-4C9A-98BA-24C0BCBAF881} - System32\Tasks\At17 => C:\Windows\system32\qQytqRx.com

Task: {45DAAF01-C885-4566-9E18-CB32CAFDBFE8} - System32\Tasks\At6 => C:\Windows\system32\qQytqRx.com_

Task: {4E5DECFD-6C74-480A-ADA1-D8B3C222AEE6} - System32\Tasks\{156AD313-E071-4529-9A3E-9403E3C4250A} => C:\Users\Steffen\Desktop\HAWX_Setup\Autorun.exe

Task: {60B0270B-D647-4A05-AFC8-105450DA719B} - System32\Tasks\{8FCFA7BB-B346-4FC6-8F6E-35A47D9A66C2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/abandoninstall?source=lightinstaller&amp;page=tsDownload&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered

Task: {6156E894-D672-4B3A-A3EE-27974EDFA470} - System32\Tasks\{467E0462-CEC0-4809-8A11-8509E08D913D} => C:\Users\Steffen\Desktop\HAWX_Setup\Autorun.exe

Task: {6508EC42-4CD1-4802-B97B-F10F03A563EB} - System32\Tasks\At22 => C:\Windows\system32\qQytqRx.com_

Task: {671D2E77-FB26-4B20-B79A-034C7674EAF5} - System32\Tasks\At21 => C:\Windows\system32\qQytqRx.com

Task: {68D65262-4954-4890-830B-CF18E45CE728} - System32\Tasks\At20 => C:\Windows\system32\qQytqRx.com_

Task: {711DCC75-BFBF-43ED-B91F-FB452985BB1B} - System32\Tasks\{810FDA24-BEBF-4D6A-8D96-CE8B52CB846E} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\EAWXLauncher.exe [2006-10-04] (LucasArts LLC)

Task: {730BB2BF-489E-4AD6-A5B2-D8415CB49335} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2012-03-29] (Microsoft Corporation)

Task: {74A1352F-FC3F-412E-8E26-4795B1770C07} - System32\Tasks\At35 => C:\Windows\system32\qQytqRx.com

Task: {75738B4D-4528-4707-A1B6-C86E1FE64055} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-21] (Plus HD)

Task: {75A2B908-1700-450E-B5A7-3D116BC634A7} - System32\Tasks\{7411064C-95C7-4B77-B5E1-AA4329932702} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe [2006-10-03] (Lucasfilm Entertainment Company, Ltd.)

Task: {79A5B4B3-36DF-4E11-9CA9-B8E4E386F8A7} - System32\Tasks\At40 => C:\Windows\system32\qQytqRx.com_

Task: {7BDACB42-DEAA-4B3C-BCD4-CCCB42CD4F8C} - System32\Tasks\{6C9AF351-02F2-45BE-BD81-BFFA4ADAA759} => C:\Program Files (x86)\bitComposer Games\S.T.A.L.K.E.R. - Call Of Pripyat\bin\xrEngine.exe [2011-01-16] (GSC Game World)

Task: {7CEAADDA-9115-4AD9-B5B1-59A65A08D647} - System32\Tasks\{7E352D1A-F751-4868-B125-6A5FCCCE495A} => C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe

Task: {7D4D0B6D-231A-473C-9E48-3F3482DEAB4F} - System32\Tasks\At30 => C:\Windows\system32\qQytqRx.com_

Task: {7E6AF253-810F-4D83-8507-34340D37BE83} - System32\Tasks\At38 => C:\Windows\system32\qQytqRx.com_

Task: {7F0270BD-CAC8-413B-AAB8-02A261A1ADE0} - System32\Tasks\At37 => C:\Windows\system32\qQytqRx.com

Task: {8275F5EB-7BAB-4960-841C-A2301CF6F821} - System32\Tasks\At47 => C:\Windows\system32\qQytqRx.com

Task: {85F3E78B-6713-4515-BC94-B654A908C02E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {877AC517-EA06-4CD5-BC08-D3E6FBBC66FF} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)

Task: {8A84487A-0CB8-41AF-A761-A4AEA2343620} - System32\Tasks\{C41501F2-B8B9-4BC4-A83D-46FA491B8A55} => C:\Users\Steffen\Desktop\Dune 2\SETUP.EXE

Task: {8C5C9D99-5C85-411F-B761-B2FEB4BF189F} - System32\Tasks\{2911E7FE-3D45-4E2A-A551-BFE21D946202} => C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe

Task: {90220A39-A55D-4974-B5DC-9904A4432E53} - System32\Tasks\At8 => C:\Windows\system32\qQytqRx.com_

Task: {933727E8-E12D-4E64-AB43-9C8025AFBCCC} - System32\Tasks\{48F05448-7611-4864-B7DA-1784A4726DEE} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.1.0.112.259&amp;LastError=12002

Task: {978C566E-9E43-48B6-9C7A-ED53EFC458C2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3988711392-2741257696-3300269237-1000

Task: {99E82A13-FD00-43C2-AB3D-2D84E3D8DB24} - System32\Tasks\{31CDE6BA-494A-4399-8E4E-7D93B8956BE2} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\EAWXLauncher.exe [2006-10-04] (LucasArts LLC)

Task: {9A4F3BEB-F9C6-4CBC-9A8E-D2C57131C5D7} - System32\Tasks\At10 => C:\Windows\system32\qQytqRx.com_

Task: {9B170481-121C-4643-8554-CC235CADAE55} - System32\Tasks\At36 => C:\Windows\system32\qQytqRx.com_

Task: {9B36E367-4C8B-4E70-B71F-1C89BE4D5209} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{D3924B9C-5BEB-42C1-BC10-4B4DB4D91F29}.exe

Task: {9B64EE66-DD82-4BB5-8E10-21821115E994} - System32\Tasks\{2E762E95-3B43-4072-AFBD-FC0833262A28} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\EAWXLauncher.exe [2006-10-04] (LucasArts LLC)

Task: {9F84D310-17AA-49FC-82AC-93D25DBF1489} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe

Task: {A310CF92-4058-4748-BA9D-734B136D9F78} - System32\Tasks\Dealply => C:\Users\Steffen\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-07-21] ()

Task: {A4352FA7-7359-496D-9846-3327E18F5449} - System32\Tasks\{FFBEA3CE-5745-4E1F-B2BF-9045B7C12554} => C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe

Task: {A85BCE12-6EA3-4351-B6A6-5F04AFBBDB78} - System32\Tasks\At26 => C:\Windows\system32\qQytqRx.com_

Task: {ADB73A88-670C-491F-89A9-F97BB6C6D560} - System32\Tasks\{827E8A62-2503-45D2-84C2-E00FADCCAAB0} => C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\ReStart.exe [2009-04-20] (Realtek)

Task: {AF09A074-E440-4EDF-85BB-49B9FED65760} - System32\Tasks\At1 => C:\Windows\system32\qQytqRx.com

Task: {B06B118C-77C6-43AF-919A-9144ACE40FEB} - System32\Tasks\{EDAA0E15-E5B6-4651-A1FE-51C61EF4D379} => C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\ReStart.exe [2009-04-20] (Realtek)

Task: {B6DB3782-390D-4D1D-82DB-6C5BBD2B85FE} - System32\Tasks\{6C34BCF9-05FB-41D2-9D83-F34083C19DDA} => C:\Program Files (x86)\PAN Interactive\Dominion Wars\Ds9dw.exe

Task: {B8356FEC-FC6B-4A2F-B6E7-32AEA4CB8A1E} - System32\Tasks\At39 => C:\Windows\system32\qQytqRx.com

Task: {C1498B77-2909-480D-9367-D76165C0471C} - System32\Tasks\At12 => C:\Windows\system32\qQytqRx.com_

Task: {C78DC4BF-3568-4DA8-87B7-B9F759B8F52F} - System32\Tasks\{EFB4F7C0-2A23-4060-93A5-B480FBEA0643} => C:\Program Files (x86)\PAN Interactive\Dominion Wars\Ds9dw.exe

Task: {C832036E-BD57-4195-8E68-6295895712EF} - System32\Tasks\{59446EBE-1F14-4BBC-806F-08DB266EA720} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/abandoninstall?source=lightinstaller&amp;page=tsProblems&amp;LastError=12002&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered

Task: {CBB0ABE6-4F15-4374-83DB-60AE356CB8BF} - System32\Tasks\At4 => C:\Windows\system32\qQytqRx.com_

Task: {CFC9C4B1-6236-4723-BD9B-37975231AA88} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-07-21] (Plus HD)

Task: {D3787A05-304A-4520-BBF3-F381E94A135D} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-07-21] (Plus HD)

Task: {D66D3D3C-46B1-455D-9AFC-8C20CCDA5CD7} - System32\Tasks\At33 => C:\Windows\system32\qQytqRx.com

Task: {D8369732-9263-4401-9300-30DED660E8E4} - System32\Tasks\At7 => C:\Windows\system32\qQytqRx.com

Task: {D9ED2453-3799-4601-8682-4CF20447DEAC} - System32\Tasks\At48 => C:\Windows\system32\qQytqRx.com_

Task: {DA9C3FD6-B4ED-4640-9B5C-EE7B2DB88CB6} - System32\Tasks\At15 => C:\Windows\system32\qQytqRx.com

Task: {DF7FE663-A954-458A-B84C-661A40063D9A} - System32\Tasks\At41 => C:\Windows\system32\qQytqRx.com

Task: {E174D8F9-011E-4EAF-88AD-0C1ADC551860} - System32\Tasks\{BC8856A1-834D-421D-88A2-D14C1380738C} => C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe

Task: {E49728FC-006D-4382-B3DE-F14DA53A5664} - System32\Tasks\{6BC149D5-FAC9-4875-9E04-8B4C3F33EC5B} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.1.0.112.259&amp;LastError=12007

Task: {E4C8C22D-8667-459B-9985-23E86E48E76B} - System32\Tasks\{8CABCBA5-CB9F-4531-ADDD-D70BF9AC1C18} => C:\Program Files (x86)\Skype\Phone\Skype.exe

Task: {E7F7A46C-6874-406A-B29D-C9ABC4B15899} - System32\Tasks\{EFCB22D3-7FE2-41DA-9FED-2BECB48827FB} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\EAWXLauncher.exe [2006-10-04] (LucasArts LLC)

Task: {EAAC2FEA-68DB-4654-B07E-936DC9CC02F9} - System32\Tasks\At9 => C:\Windows\system32\qQytqRx.com

Task: {EBAF9FBA-0847-4B4E-91F9-C665D9776B33} - System32\Tasks\{93481259-1508-4A4B-A25C-9518F88A1ED5} => C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\EAWXLauncher.exe [2006-10-04] (LucasArts LLC)

Task: {EC84AE02-5243-468A-9E0D-885735D21953} - System32\Tasks\At29 => C:\Windows\system32\qQytqRx.com

Task: {ECDCC370-85C1-4443-9BF0-70593A2EFA15} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software)

Task: {F024BA41-66C0-4A99-AA5A-77350309E5A2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000Core => C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-21] (Facebook Inc.)

Task: {F163B38B-1905-46C1-9C5C-08CCA793D1BD} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-07-21] (Plus HD)

Task: {FB8CF8B3-3606-418E-8E23-12AF30B368F4} - System32\Tasks\At23 => C:\Windows\system32\qQytqRx.com

Task: {FDFDE72B-CD49-4D12-AAA1-0FC772C47170} - System32\Tasks\{F446335F-FBFB-4229-BC36-BBF9033C1E02} => C:\Program Files (x86)\Skype\\Phone\Skype.exe

Task: {FEC636F6-B95F-413B-8151-5CB0F6BA4375} - System32\Tasks\At16 => C:\Windows\system32\qQytqRx.com_

Task: {FEDB1967-1882-4C4C-B1FB-2CF6B3DE514A} - System32\Tasks\At34 => C:\Windows\system32\qQytqRx.com_

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{3F608011-468D-4A60-B51C-4333C0C457E4}.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{D3924B9C-5BEB-42C1-BC10-4B4DB4D91F29}.exe

Task: C:\Windows\Tasks\Dealply.job => C:\Users\Steffen\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE

Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe

Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000Core.job => C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000UA.job => C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe
 

==================== Loaded Modules (whitelisted) =============
 

2010-10-24 13:19 - 2010-02-10 18:10 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll

2011-10-03 11:59 - 2011-10-03 11:59 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-07-04 06:12 - 2010-11-20 15:27 - 00326144 _____ () C:\Windows\system32\mswsock.dll

2013-10-02 09:12 - 2013-10-02 09:10 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll

2013-03-25 14:23 - 2013-08-22 00:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2011-07-14 09:55 - 2013-10-09 04:19 - 01121704 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2011-03-24 13:26 - 2013-09-11 00:20 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2012-10-13 14:10 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll

2012-10-13 14:10 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll

2012-10-13 14:10 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

2013-04-26 04:59 - 2013-10-26 08:25 - 00013600 _____ () C:\Users\Steffen\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll

2013-08-22 21:57 - 2013-08-22 12:03 - 00187984 _____ () C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\enhancedNT.dll

2013-10-02 09:12 - 2013-10-02 09:10 - 00142360 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll

2012-03-06 17:45 - 2011-10-23 20:28 - 00199168 _____ () C:\Program Files (x86)\File Type Assistant\itdownload.dll

2012-11-24 16:40 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 

Name: High Definition Audio-Gerät

Description: High Definition Audio-Gerät

Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: HdAudAddService

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/25/2013 03:00:01 PM) (Source: Google Update) (User: Steffen-PC)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=IE, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=IE, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http s
 

Error: (10/25/2013 00:34:22 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1104, Zeitstempel: 0x4e89dbfa

Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1104, Zeitstempel: 0x4e89dbfa

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00000000000218d5

ID des fehlerhaften Prozesses: 0x1b64

Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0

Pfad der fehlerhaften Anwendung: atieclxx.exe1

Pfad des fehlerhaften Moduls: atieclxx.exe2

Berichtskennung: atieclxx.exe3
 

Error: (10/25/2013 00:15:26 PM) (Source: ATIeRecord) (User: )

Description: ATI EEU Client has failed to start
 

Error: (10/25/2013 00:11:43 PM) (Source: Application Hang) (User: )

Description: Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1e74
 

Startzeit: 01ced169d84300ac
 

Endzeit: 50
 

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 

Berichts-ID:
 

Error: (10/24/2013 02:36:43 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: RtWlan.exe, Version: 700.1612.511.2010, Zeitstempel: 0x4be8f178

Name des fehlerhaften Moduls: RtlLib.dll, Version: 700.1043.506.2010, Zeitstempel: 0x4be8efae

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0001196a

ID des fehlerhaften Prozesses: 0xac8

Startzeit der fehlerhaften Anwendung: 0xRtWlan.exe0

Pfad der fehlerhaften Anwendung: RtWlan.exe1

Pfad des fehlerhaften Moduls: RtWlan.exe2

Berichtskennung: RtWlan.exe3
 

Error: (10/24/2013 01:36:38 PM) (Source: ATIeRecord) (User: )

Description: ATI EEU Client has failed to start
 

Error: (10/24/2013 09:17:51 AM) (Source: ATIeRecord) (User: )

Description: ATI EEU Client has failed to start
 

Error: (10/23/2013 06:09:59 PM) (Source: ATIeRecord) (User: )

Description: ATI EEU Client has failed to start
 

Error: (10/23/2013 09:52:20 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: WinRAR.exe, Version: 3.92.0.0, Zeitstempel: 0x4b72afc4

Name des fehlerhaften Moduls: bitguard.dll, Version: 2.6.1694.246, Zeitstempel: 0x5253f78e

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0017966f

ID des fehlerhaften Prozesses: 0xb94

Startzeit der fehlerhaften Anwendung: 0xWinRAR.exe0

Pfad der fehlerhaften Anwendung: WinRAR.exe1

Pfad des fehlerhaften Moduls: WinRAR.exe2

Berichtskennung: WinRAR.exe3
 

Error: (10/23/2013 09:52:18 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: WinRAR.exe, Version: 3.92.0.0, Zeitstempel: 0x4b72afc4

Name des fehlerhaften Moduls: bitguard.dll, Version: 2.6.1694.246, Zeitstempel: 0x5253f78e

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0017966f

ID des fehlerhaften Prozesses: 0xb94

Startzeit der fehlerhaften Anwendung: 0xWinRAR.exe0

Pfad der fehlerhaften Anwendung: WinRAR.exe1

Pfad des fehlerhaften Moduls: WinRAR.exe2

Berichtskennung: WinRAR.exe3
 
 

System errors:

=============

Error: (10/26/2013 08:39:00 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "BitGuard" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (10/26/2013 08:38:00 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "BitGuard" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (10/26/2013 08:37:32 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (10/26/2013 08:37:22 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (10/26/2013 08:37:00 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "BitGuard" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (10/26/2013 08:36:08 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (10/26/2013 08:36:08 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (10/26/2013 08:36:00 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "BitGuard" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (10/26/2013 08:35:56 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 

Error: (10/26/2013 08:35:54 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)

Description: Fehler beim Lesen der Datei für lokale Hosts.
 
 

Microsoft Office Sessions:

=========================

Error: (10/25/2013 03:00:01 PM) (Source: Google Update)(User: Steffen-PC)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=IE, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=IE, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http s
 

Error: (10/25/2013 00:34:22 PM) (Source: Application Error)(User: )

Description: atieclxx.exe6.14.11.11044e89dbfaatieclxx.exe6.14.11.11044e89dbfac000000500000000000218d51b6401ced16dc493f04bC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe02c8299b-3d61-11e3-8c2a-8d29f436db66
 

Error: (10/25/2013 00:15:26 PM) (Source: ATIeRecord)(User: )

Description: 
 

Error: (10/25/2013 00:11:43 PM) (Source: Application Hang)(User: )

Description: iexplore.exe9.0.8112.164211e7401ced169d84300ac50C:\Program Files (x86)\Internet Explorer\iexplore.exe
 

Error: (10/24/2013 02:36:43 PM) (Source: Application Error)(User: )

Description: RtWlan.exe700.1612.511.20104be8f178RtlLib.dll700.1043.506.20104be8efaec00000050001196aac801ced0b5ade9b084C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exeC:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlLib.dllef8c4599-3ca8-11e3-b000-fd51a8258b66
 

Error: (10/24/2013 01:36:38 PM) (Source: ATIeRecord)(User: )

Description: 
 

Error: (10/24/2013 09:17:51 AM) (Source: ATIeRecord)(User: )

Description: 
 

Error: (10/23/2013 06:09:59 PM) (Source: ATIeRecord)(User: )

Description: 
 

Error: (10/23/2013 09:52:20 AM) (Source: Application Error)(User: )

Description: WinRAR.exe3.92.0.04b72afc4bitguard.dll2.6.1694.2465253f78ec00000050017966fb9401cecfc4c897ba75C:\Program Files (x86)\WinRAR\WinRAR.exec:\progra~4\bitguard\261694~1.246\{c16c1~1\bitguard.dll0b239665-3bb8-11e3-ad1d-aa6e5af0fd67
 

Error: (10/23/2013 09:52:18 AM) (Source: Application Error)(User: )

Description: WinRAR.exe3.92.0.04b72afc4bitguard.dll2.6.1694.2465253f78ec00000050017966fb9401cecfc4c897ba75C:\Program Files (x86)\WinRAR\WinRAR.exec:\progra~4\bitguard\261694~1.246\{c16c1~1\bitguard.dll09a1f778-3bb8-11e3-ad1d-aa6e5af0fd67
 
 

CodeIntegrity Errors:

===================================

  Date: 2013-10-23 01:37:34.005

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-10-23 01:37:33.945

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-10-23 01:37:33.895

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-20 02:47:03.908

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-20 02:47:03.838

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-20 02:47:03.778

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-19 01:38:38.056

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-19 01:38:37.996

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-19 01:38:37.926

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-08-31 04:31:32.857

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\Temp\TMP00000163757CDD01BD00923E" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 37%

Total physical RAM: 4059.49 MB

Available physical RAM: 2524.18 MB

Total Pagefile: 8117.18 MB

Available Pagefile: 5975.51 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: (Daten) (Fixed) (Total:831.51 GB) (Free:24.48 GB) NTFS

Drive d: (System) (Fixed) (Total:100 GB) (Free:27.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive f: (EAWX_1) (CDROM) (Total:1.42 GB) (Free:0 GB) UDF

Drive h: (INTENSO) (Removable) (Total:14.73 GB) (Free:14.73 GB) FAT32
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0C19B2D7)

Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=832 GB) - (Type=07 NTFS)
 

========================================================

Disk: 5 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 

==================== End Of Log ============================

Ok. Da bleibt noch einiges zu tun...

Schritt 1

Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
Suche und deinstalliere dort der Reihe nach folgende Einträge:
BitGuard
Dealply
Delta Chrome Toolbar
Google Update Helper
Plus-HD-2.3
RelevantKnowledge
Yontoo 2.051
Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Schritt 2

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 4

Starte noch einmal FRST.

Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

So habe die Einträge gelöscht und die Programme durchlaufen lassen! Das sind alle Textdateien die dabei heraus kamen.

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013

Ran by Steffen (administrator) on STEFFEN-PC on 26-10-2013 08:37:29

Running from C:\Users\Steffen\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\Rtlservice.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Yontoo LLC) C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

() C:\Program Files (x86)\AVG Secure Search\vprot.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Trusted Software ApS) C:\Program Files (x86)\File Type Assistant\TSAssist.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(AMD) C:\Windows\system32\atieclxx.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\Program Files (x86)\AVG Secure Search\vprot.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
 

==================== Registry (Whitelisted) ==================
 

HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-09] (Valve Corporation)

HKCU\...\Run: [Facebook Update] - C:\Users\Steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-21] (Facebook Inc.)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-10] (Google Inc.)

HKCU\...\Run: [Yontoo Desktop] - C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)

HKCU\...\Run: [Desura] - C:\Program Files (x86)\Desura\desura.exe -autostart

HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe  "C:\Users\Steffen\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run

MountPoints2: E - E:\setup\rsrc\Autorun.exe

MountPoints2: G - G:\AutoRun.exe

MountPoints2: J - J:\AutoRun.exe

MountPoints2: K - K:\AutoRun.exe

MountPoints2: {0804d94a-4969-11e0-b9fe-ca997159e56d} - J:\AutoRun.exe

MountPoints2: {0804d950-4969-11e0-b9fe-ca997159e56d} - K:\AutoRun.exe

MountPoints2: {34bda76a-b064-11e1-a5e7-9419690ce16b} - G:\AutoRun.exe

MountPoints2: {40926667-af9d-11e1-9bec-9a5259183969} - G:\AutoRun.exe

MountPoints2: {69b2bc64-654c-11e0-bbb4-806e6f6e6963} - J:\AutoRun.exe

MountPoints2: {933863d4-5a71-11e1-9dc4-c83485033601} - J:\AutoRun.exe

MountPoints2: {93386410-5a71-11e1-9dc4-c83485033601} - H:\AutoRun.exe

MountPoints2: {b1a76898-e639-11e1-a47c-d7bdb6205215} - F:\AutoRun.exe

MountPoints2: {b1a7689c-e639-11e1-a47c-d7bdb6205215} - F:\AutoRun.exe

MountPoints2: {b57c4aab-1fd8-11e1-970d-96cd778e2036} - J:\AutoRun.exe

MountPoints2: {b57c4aaf-1fd8-11e1-970d-96cd778e2036} - J:\AutoRun.exe

MountPoints2: {d6c996a7-61c2-11e0-9837-b73251542568} - I:\autorun.exe

MountPoints2: {dcac8041-c4fd-11e1-a4ad-806e6f6e6963} - F:\EAWXLauncher.exe

MountPoints2: {e68a8043-fd8c-11e0-9864-88f24a0f2662} - J:\AutoRun.exe

MountPoints2: {e68a8047-fd8c-11e0-9864-88f24a0f2662} - H:\AutoRun.exe

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-03] (Advanced Micro Devices, Inc.)

AppInit_DLLs-x32: c:\progra~4\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ ] ()

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFB3865A8AEDECB01

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

URLSearchHook: (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {B87D517D-37D3-4ECA-B1AD-DD0987BBDDE9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN15765694262647729&UM=1&SSPV=TB_TS7

SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={44BAB095-614A-45C5-B6BE-02213C1DD91A}&mid=2b3a49def34747d0b6d916a72c3389c2-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=pp011&pr=sa&d=2012-06-23 16:09:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {B87D517D-37D3-4ECA-B1AD-DD0987BBDDE9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN15765694262647729&UM=1&SSPV=TB_TS7

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO-x32: Plus-HD-2.3 - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)

BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: DealPly Shopping - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll No File

BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)

Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File

DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9 01 mswsock.dll File Not found ()

Winsock: Catalog9 02 mswsock.dll File Not found ()

Winsock: Catalog9 03 mswsock.dll File Not found ()

Winsock: Catalog9 04 mswsock.dll File Not found ()

Winsock: Catalog9 05 mswsock.dll File Not found ()

Winsock: Catalog9 06 mswsock.dll File Not found ()

Winsock: Catalog9 07 mswsock.dll File Not found ()

Winsock: Catalog9 08 mswsock.dll File Not found ()

Winsock: Catalog9 09 mswsock.dll File Not found ()

Winsock: Catalog9 10 mswsock.dll File Not found ()

Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9-x64 01 mswsock.dll File Not found ()

Winsock: Catalog9-x64 02 mswsock.dll File Not found ()

Winsock: Catalog9-x64 03 mswsock.dll File Not found ()

Winsock: Catalog9-x64 04 mswsock.dll File Not found ()

Winsock: Catalog9-x64 05 mswsock.dll File Not found ()

Winsock: Catalog9-x64 06 mswsock.dll File Not found ()

Winsock: Catalog9-x64 07 mswsock.dll File Not found ()

Winsock: Catalog9-x64 08 mswsock.dll File Not found ()

Winsock: Catalog9-x64 09 mswsock.dll File Not found ()

Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
 

Hosts: Hosts file not detected in the default directory

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default

FF user.js: detected! => C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\user.js

FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

FF SearchEngineOrder.1: Delta Search

FF SelectedSearchEngine: Delta Search

FF Homepage: hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?octid=CT2269050&ctid=CT2269050&SearchSource=2&CUI=UN18699443131722559&UM=1&sspv=TB_CH5&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Steffen\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\Babylon.xml

FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\BrowserDefender.xml

FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\delta.xml

FF SearchPlugin: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\dvdvideosofttb-customized-web-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: No Name - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com

FF Extension: Yontoo - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\plugin@yontoo.com

FF Extension: DVDVideoSoftTB  - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

FF Extension: torntv2 - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\torntv2@torntv.com.xpi

FF Extension: No Name - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12

FF Extension: No Name - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12

FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox

FF Extension: No Name - C:\Program Files (x86)\RelevantKnowledge\firefox
 

Chrome: 

=======

CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C458001333ABAFC0&affID=119557&tt=160713_9127&tsp=4946"

CHR DefaultSearchURL: (Delta Search) - hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950

CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)

CHR Plugin: (DealPlyLive Update) - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

CHR Plugin: (Facebook Desktop) - C:\Users\Steffen\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Delta Toolbar) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.2_0

CHR Extension: (AVG Secure Search) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Plus-HD-2.3) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.17_0

CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx

CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Steffen\AppData\Roaming\BabSolution\CR\Delta.crx

CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx

CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx
 

==================== Services (Whitelisted) =================
 

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)

R2 idebusdr; C:\Windows\system32\ADIDTSFiltService.dll [6656 2009-07-14] (Oak Technology Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)

S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-09] ()

R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\Rtlservice.exe [36864 2010-04-16] (Realtek)

R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)

R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]

S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc [x]

S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc [x]

S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [x]

S2 Yontoo Desktop Updater; "C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Steffen\AppData\Roaming\Yontoo\YontooDesktop.exe"
 

==================== Drivers (Whitelisted) ====================
 

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-08-10] ()

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-08-10] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
 

========================== Drivers MD5 =======================
 

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\atikmdag.sys 78546921D348E9F917E00B9ED8279C3C

C:\Windows\System32\DRIVERS\atikmpag.sys 619C03C378BE737B779E2CD9ECB9C778

C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49

C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\System32\drivers\AtihdW76.sys DBB487D09F56C674430AC454FD8BCAB9

C:\Windows\System32\drivers\AtiHdmi.sys 77C149E6D702737B2E372DEE166FAEF8

C:\Windows\System32\DRIVERS\atksgt.sys B4BDE3F758A34658A37DFED3D9783CD8

C:\Windows\system32\drivers\avgtpx64.sys A1F53D2A00E64679A1D81B61D2333D06

C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys C4943B6C962E4B82197542447AD599F4

C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit

C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B

C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A

C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ewusbmdm.sys CDAA8E257BB625B2387219E605DDE37D

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit

C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366

C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit

C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys DA1E991A61CFDD755A589E206B97644B

C:\Windows\System32\Drivers\ksecpkg.sys 7E33198D956943A4F11A5474C1E9106F

C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lirsgt.sys 955982BF4421B77722196552B62E8DC2

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910

C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC

C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163

C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C

C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8

C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD

C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RDPWD.sys 6D76E6433574B058ADCB0C50DF834492

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RTL8192su.sys 9F0926BC1544AC13E7F153E3E77B1B17

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B

C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28

C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3

C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit

C:\Windows\System32\drivers\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9

C:\Windows\System32\DRIVERS\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9

C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit

C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A

C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C

C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B

C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24

C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31

C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6

C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\xnacc.sys 4A5CE13408945E525503B5F73D29B9C5
 

==================== NetSvcs (Whitelisted) ===================
 

NETSVC: idebusdr -> C:\Windows\system32\ADIDTSFiltService.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
 

==================== One Month Created Files and Folders ========
 

2013-10-26 08:37 - 2013-10-24 18:23 - 01955412 _____ (Farbar) C:\Users\Steffen\Desktop\FRST64.exe

2013-10-25 14:58 - 2013-10-25 14:58 - 00000000 ____D C:\FRST

2013-10-25 12:37 - 2013-10-25 12:37 - 00002164 _____ C:\Users\Gast\Desktop\S.T.A.L.K.E.R. COP Trainer +10_.exe - Verknüpfung.lnk

2013-10-25 12:21 - 2013-10-25 12:21 - 00084698 _____ C:\Users\Gast\Desktop\Extras.Txt

2013-10-25 12:21 - 2013-10-25 12:21 - 00067742 _____ C:\Users\Gast\Desktop\OTL.Txt

2013-10-25 12:14 - 2013-10-25 12:14 - 00602112 _____ (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe

2013-10-25 10:23 - 2013-10-25 10:25 - 127231689 _____ (Igor Pavlov) C:\Users\Gast\Desktop\OTLPENet.exe

2013-10-25 10:09 - 2013-10-25 10:09 - 00274368 _____ C:\Windows\Minidump\102513-13962-01.dmp

2013-10-25 08:34 - 2013-10-25 08:34 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search

2013-10-24 22:38 - 2013-10-24 22:38 - 00274368 _____ C:\Windows\Minidump\102413-15787-01.dmp

2013-10-24 18:30 - 2013-10-24 18:30 - 00274368 _____ C:\Windows\Minidump\102413-16489-01.dmp

2013-10-24 16:25 - 2013-10-24 16:26 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner

2013-10-24 15:29 - 2013-10-24 15:29 - 00000460 _____ C:\Users\Gast\Documents\aswMBR.txt

2013-10-24 14:59 - 2013-10-24 14:59 - 00000000 ____D C:\Users\Gast\mbar

2013-10-24 14:51 - 2013-10-24 14:52 - 00000000 ____D C:\ProgramData\Oracle

2013-10-24 08:39 - 2013-10-24 10:39 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Petroglyph

2013-10-24 08:37 - 2013-10-24 08:37 - 00027648 _____ C:\Users\Gast\Desktop\ModLauncher.exe

2013-10-23 21:20 - 2013-10-23 21:20 - 00000000 ____D C:\Users\Gast\AppData\Roaming\WinRAR

2013-10-23 19:02 - 2013-10-23 19:02 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-10-23 17:56 - 2013-10-23 17:57 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe

2013-10-23 17:28 - 2013-10-25 10:09 - 385355457 _____ C:\Windows\MEMORY.DMP

2013-10-23 17:28 - 2013-10-23 17:28 - 00274368 _____ C:\Windows\Minidump\102313-22932-01.dmp

2013-10-23 15:57 - 2013-10-23 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\Google

2013-10-23 15:57 - 2013-10-23 17:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe

2013-10-23 15:57 - 2013-10-23 15:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google

2013-10-23 15:57 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia

2013-10-23 15:52 - 2013-10-23 15:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes

2013-10-23 08:50 - 2013-10-23 15:24 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard

2013-10-21 14:14 - 2013-10-21 14:14 - 00001821 _____ C:\Users\Steffen\Desktop\Stargate - Verknüpfung.lnk

2013-10-21 13:47 - 2013-10-23 09:38 - 00000000 ____D C:\Users\Steffen\Desktop\Babylon 5 Wars

2013-10-17 09:17 - 2013-10-17 09:17 - 00027648 _____ C:\Users\Steffen\Desktop\ModLauncher.exe

2013-10-08 21:35 - 2013-10-08 21:35 - 00000000 ____D C:\Users\Steffen\AppData\Local\Targem

2013-10-08 20:45 - 2013-10-08 20:45 - 00000222 _____ C:\Users\Steffen\Desktop\Star Conflict.url

2013-10-08 20:03 - 2013-10-08 20:03 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

2013-10-08 12:50 - 2013-10-08 12:59 - 00000000 ____D C:\ProgramData\WarThunder

2013-10-08 12:50 - 2013-10-08 12:50 - 00000000 ____D C:\Users\Steffen\AppData\Local\WarThunder

2013-10-08 10:49 - 2013-10-08 10:49 - 00000222 _____ C:\Users\Steffen\Desktop\War Thunder.url

2013-10-08 09:44 - 2013-10-08 09:44 - 00003156 _____ C:\Windows\System32\Tasks\{EB9FF8E1-7E37-413B-811D-EF5CD26E5573}

2013-10-08 08:19 - 2013-10-08 08:19 - 00000000 ____D C:\Users\Steffen\AppData\Local\Chromium

2013-10-07 12:24 - 2013-10-17 14:37 - 00000178 _____ C:\Users\Steffen\Desktop\Age of Conan Unchained - EU version.url

2013-10-06 16:29 - 2013-10-06 16:30 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\MinerWars

2013-10-06 16:28 - 2013-10-06 16:28 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-06 15:41 - 2013-10-06 15:41 - 00000222 _____ C:\Users\Steffen\Desktop\Jagged Alliance Online - Steam Edition.url

2013-09-28 23:11 - 2013-09-28 23:11 - 00414241 _____ C:\Uninstall.ini

2013-09-26 20:58 - 2013-09-26 20:58 - 00003288 _____ C:\Windows\System32\Tasks\{4A8C961A-01B8-4F5C-9F69-8316C44F007C}

2013-09-26 20:48 - 2013-09-26 20:48 - 00000000 ____D C:\ProgramData\ATI

2013-09-26 20:48 - 2013-09-26 20:48 - 00000000 ____D C:\Program Files (x86)\AMD APP

2013-09-26 20:46 - 2013-09-26 20:46 - 00018357 _____ C:\Windows\SysWOW64\CCCInstall_201309262046523347.log

2013-09-26 20:46 - 2013-09-26 20:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2013-09-26 20:43 - 2013-09-26 20:43 - 00000000 ____D C:\AMD
 

==================== One Month Modified Files and Folders =======
 

2013-10-26 08:37 - 2010-10-04 06:53 - 01059589 _____ C:\Windows\WindowsUpdate.log

2013-10-26 08:36 - 2013-07-21 18:18 - 00001198 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job

2013-10-26 08:36 - 2013-07-21 18:16 - 00001910 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job

2013-10-26 08:35 - 2013-07-21 18:17 - 00001202 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job

2013-10-26 08:35 - 2013-07-21 18:17 - 00001102 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job

2013-10-26 08:35 - 2013-07-21 18:17 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job

2013-10-26 08:35 - 2013-07-21 18:16 - 00001834 _____ C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job

2013-10-26 08:35 - 2013-06-09 05:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2013-10-26 08:35 - 2013-06-04 18:13 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-10-26 08:35 - 2012-03-06 17:45 - 00000406 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job

2013-10-26 08:35 - 2011-03-10 01:20 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-26 08:31 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-26 08:31 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-26 08:25 - 2013-04-01 21:42 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Yontoo

2013-10-26 08:24 - 2011-03-24 10:13 - 00000000 ____D C:\Program Files (x86)\Steam

2013-10-26 08:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-26 08:24 - 2009-07-14 06:51 - 00325544 _____ C:\Windows\setupact.log

2013-10-25 22:22 - 2013-07-21 18:17 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job

2013-10-25 22:22 - 2011-03-10 01:20 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-25 22:16 - 2013-07-21 18:16 - 00000298 _____ C:\Windows\Tasks\Dealply.job

2013-10-25 21:45 - 2013-02-03 17:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-25 21:38 - 2012-04-13 21:21 - 00001146 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000UA.job

2013-10-25 19:08 - 2011-09-28 15:25 - 00000000 ____D C:\Users\Steffen\Desktop\Games

2013-10-25 18:38 - 2012-04-13 21:21 - 00001124 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988711392-2741257696-3300269237-1000Core.job

2013-10-25 17:49 - 2010-10-05 11:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-10-25 17:29 - 2013-08-30 08:42 - 00000104 _____ C:\Users\Steffen\Desktop\firefoxmodsite.txt

2013-10-25 15:58 - 2010-10-04 07:02 - 00000000 ___RD C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-25 14:58 - 2013-10-25 14:58 - 00000000 ____D C:\FRST

2013-10-25 12:37 - 2013-10-25 12:37 - 00002164 _____ C:\Users\Gast\Desktop\S.T.A.L.K.E.R. COP Trainer +10_.exe - Verknüpfung.lnk

2013-10-25 12:21 - 2013-10-25 12:21 - 00084698 _____ C:\Users\Gast\Desktop\Extras.Txt

2013-10-25 12:21 - 2013-10-25 12:21 - 00067742 _____ C:\Users\Gast\Desktop\OTL.Txt

2013-10-25 12:14 - 2013-10-25 12:14 - 00602112 _____ (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe

2013-10-25 10:25 - 2013-10-25 10:23 - 127231689 _____ (Igor Pavlov) C:\Users\Gast\Desktop\OTLPENet.exe

2013-10-25 10:09 - 2013-10-25 10:09 - 00274368 _____ C:\Windows\Minidump\102513-13962-01.dmp

2013-10-25 10:09 - 2013-10-23 17:28 - 385355457 _____ C:\Windows\MEMORY.DMP

2013-10-25 10:09 - 2011-07-26 19:28 - 00000000 ____D C:\Windows\Minidump

2013-10-25 08:34 - 2013-10-25 08:34 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search

2013-10-24 22:38 - 2013-10-24 22:38 - 00274368 _____ C:\Windows\Minidump\102413-15787-01.dmp

2013-10-24 18:30 - 2013-10-24 18:30 - 00274368 _____ C:\Windows\Minidump\102413-16489-01.dmp

2013-10-24 18:23 - 2013-10-26 08:37 - 01955412 _____ (Farbar) C:\Users\Steffen\Desktop\FRST64.exe

2013-10-24 18:03 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat

2013-10-24 18:03 - 2009-07-14 19:58 - 00148144 _____ C:\Windows\system32\perfc007.dat

2013-10-24 18:03 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-24 16:27 - 2011-04-07 08:16 - 00000000 ____D C:\Users\Gast

2013-10-24 16:26 - 2013-10-24 16:25 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner

2013-10-24 15:29 - 2013-10-24 15:29 - 00000460 _____ C:\Users\Gast\Documents\aswMBR.txt

2013-10-24 14:59 - 2013-10-24 14:59 - 00000000 ____D C:\Users\Gast\mbar

2013-10-24 14:52 - 2013-10-24 14:51 - 00000000 ____D C:\ProgramData\Oracle

2013-10-24 10:39 - 2013-10-24 08:39 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Petroglyph

2013-10-24 08:37 - 2013-10-24 08:37 - 00027648 _____ C:\Users\Gast\Desktop\ModLauncher.exe

2013-10-23 21:57 - 2013-04-01 17:04 - 00000000 ____D C:\Program Files (x86)\RelevantKnowledge

2013-10-23 21:20 - 2013-10-23 21:20 - 00000000 ____D C:\Users\Gast\AppData\Roaming\WinRAR

2013-10-23 21:13 - 2009-07-14 06:45 - 00006144 _____ C:\Windows\system32\umstartup.etl

2013-10-23 19:15 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Local\Google

2013-10-23 19:02 - 2013-10-23 19:02 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-10-23 17:57 - 2013-10-23 17:56 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe

2013-10-23 17:57 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe

2013-10-23 17:56 - 2011-11-14 19:17 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader 8.lnk

2013-10-23 17:56 - 2011-11-14 19:17 - 00000000 ____D C:\ProgramData\Adobe

2013-10-23 17:28 - 2013-10-23 17:28 - 00274368 _____ C:\Windows\Minidump\102313-22932-01.dmp

2013-10-23 15:58 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google

2013-10-23 15:57 - 2013-10-23 15:57 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia

2013-10-23 15:52 - 2013-10-23 15:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes

2013-10-23 15:52 - 2011-04-07 08:17 - 00058144 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-23 15:51 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-23 15:25 - 2011-02-11 15:12 - 00481436 _____ C:\Windows\PFRO.log

2013-10-23 15:24 - 2013-10-23 08:50 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard

2013-10-23 15:23 - 2013-07-21 18:16 - 00000000 ____D C:\Program Files (x86)\DealPly

2013-10-23 09:38 - 2013-10-21 13:47 - 00000000 ____D C:\Users\Steffen\Desktop\Babylon 5 Wars

2013-10-22 15:55 - 2011-09-27 18:36 - 00000000 ____D C:\Users\Steffen\Desktop\Stoner-Doom Metal

2013-10-22 14:05 - 2013-06-06 16:32 - 00006633 _____ C:\Users\Public\Documents\stalke~1.ltx

2013-10-22 09:49 - 2013-09-07 00:06 - 00000000 ____D C:\Users\Steffen\Desktop\Doom 2

2013-10-21 14:14 - 2013-10-21 14:14 - 00001821 _____ C:\Users\Steffen\Desktop\Stargate - Verknüpfung.lnk

2013-10-20 13:42 - 2013-09-02 22:21 - 00000000 ____D C:\Users\Steffen\Desktop\Space Battleships

2013-10-20 12:08 - 2010-11-21 20:53 - 00000000 ____D C:\Users\Steffen\Documents\My Games

2013-10-18 10:25 - 2013-07-13 12:54 - 00002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-10-17 14:37 - 2013-10-07 12:24 - 00000178 _____ C:\Users\Steffen\Desktop\Age of Conan Unchained - EU version.url

2013-10-17 09:17 - 2013-10-17 09:17 - 00027648 _____ C:\Users\Steffen\Desktop\ModLauncher.exe

2013-10-16 10:24 - 2013-08-23 08:28 - 00000000 ____D C:\Users\Steffen\Desktop\Star Wars Mods

2013-10-16 09:57 - 2013-01-12 13:20 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phoenix Rising

2013-10-09 15:17 - 2011-03-10 01:20 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-09 15:17 - 2011-03-10 01:20 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-09 10:45 - 2013-02-03 17:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 10:45 - 2012-06-05 21:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 10:45 - 2012-06-05 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 00:15 - 2013-09-13 19:40 - 00000000 ____D C:\ProgramData\BitGuard

2013-10-08 21:35 - 2013-10-08 21:35 - 00000000 ____D C:\Users\Steffen\AppData\Local\Targem

2013-10-08 20:45 - 2013-10-08 20:45 - 00000222 _____ C:\Users\Steffen\Desktop\Star Conflict.url

2013-10-08 20:30 - 2013-09-16 09:45 - 00000000 ____D C:\Users\Steffen\Desktop\Codex

2013-10-08 20:03 - 2013-10-08 20:03 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

2013-10-08 12:59 - 2013-10-08 12:50 - 00000000 ____D C:\ProgramData\WarThunder

2013-10-08 12:57 - 2011-08-10 12:10 - 00000000 ___HD C:\Windows\msdownld.tmp

2013-10-08 12:57 - 2011-08-10 12:10 - 00000000 ____D C:\Windows\SysWOW64\directx

2013-10-08 12:50 - 2013-10-08 12:50 - 00000000 ____D C:\Users\Steffen\AppData\Local\WarThunder

2013-10-08 10:49 - 2013-10-08 10:49 - 00000222 _____ C:\Users\Steffen\Desktop\War Thunder.url

2013-10-08 09:44 - 2013-10-08 09:44 - 00003156 _____ C:\Windows\System32\Tasks\{EB9FF8E1-7E37-413B-811D-EF5CD26E5573}

2013-10-08 08:19 - 2013-10-08 08:19 - 00000000 ____D C:\Users\Steffen\AppData\Local\Chromium

2013-10-07 13:42 - 2011-11-21 15:55 - 00000000 ___RD C:\Users\Steffen\Desktop\FILME!!!

2013-10-07 13:14 - 2010-10-04 07:41 - 00000000 ____D C:\Users\Steffen\Desktop\Krempel

2013-10-07 11:19 - 2012-06-10 15:35 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\uTorrent

2013-10-06 16:30 - 2013-10-06 16:29 - 00000000 ____D C:\Users\Steffen\AppData\Roaming\MinerWars

2013-10-06 16:28 - 2013-10-06 16:28 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-06 15:41 - 2013-10-06 15:41 - 00000222 _____ C:\Users\Steffen\Desktop\Jagged Alliance Online - Steam Edition.url

2013-10-05 23:09 - 2013-09-25 20:56 - 00000890 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk

2013-10-05 12:56 - 2010-06-16 16:52 - 00000000 ____D C:\Program Data

2013-10-04 00:20 - 2010-10-04 07:37 - 00475388 _____ C:\Windows\DirectX.log

2013-10-02 09:13 - 2013-06-27 10:12 - 00003728 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

2013-10-02 09:12 - 2012-06-23 16:09 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-10-02 09:10 - 2012-11-30 08:05 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-09-28 23:11 - 2013-09-28 23:11 - 00414241 _____ C:\Uninstall.ini

2013-09-28 23:11 - 2011-03-04 16:31 - 00273164 _____ C:\Uninstall.exe

2013-09-26 20:58 - 2013-09-26 20:58 - 00003288 _____ C:\Windows\System32\Tasks\{4A8C961A-01B8-4F5C-9F69-8316C44F007C}

2013-09-26 20:48 - 2013-09-26 20:48 - 00000000 ____D C:\ProgramData\ATI

2013-09-26 20:48 - 2013-09-26 20:48 - 00000000 ____D C:\Program Files (x86)\AMD APP

2013-09-26 20:48 - 2010-10-04 07:58 - 00000000 ____D C:\Program Files (x86)\ATI Technologies

2013-09-26 20:48 - 2010-10-04 07:57 - 00000000 ____D C:\Program Files\ATI Technologies

2013-09-26 20:46 - 2013-09-26 20:46 - 00018357 _____ C:\Windows\SysWOW64\CCCInstall_201309262046523347.log

2013-09-26 20:46 - 2013-09-26 20:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies

2013-09-26 20:43 - 2013-09-26 20:43 - 00000000 ____D C:\AMD
 

ZeroAccess:

C:\Windows\System32\consrv.dll
 

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini
 

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini
 

Some content of TEMP:

====================

C:\Users\Gast\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Gast\AppData\Local\Temp\InstHelper.exe

C:\Users\Gast\AppData\Local\Temp\Quarantine.exe

C:\Users\Gast\AppData\Local\Temp\Uninstall_2.exe

C:\Users\Steffen\AppData\Local\Temp\CH.dll

C:\Users\Steffen\AppData\Local\Temp\_is5FFD.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 

==================== BCD ================================
 

Windows-Start-Manager

---------------------

Bezeichner              {bootmgr}

device                  partition=D:

description             Windows Boot Manager

locale                  de-DE

inherit                 {globalsettings}

default                 {current}

resumeobject            {00b1d430-3bf6-11df-b345-6cf0490f0c84}

displayorder            {current}

                        {00b1d42d-3bf6-11df-b345-6cf0490f0c84}

toolsdisplayorder       {memdiag}

timeout                 30
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {00b1d42d-3bf6-11df-b345-6cf0490f0c84}

device                  partition=D:

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  de-DE

inherit                 {bootloadersettings}

recoverysequence        {00b1d42e-3bf6-11df-b345-6cf0490f0c84}

recoveryenabled         Yes

osdevice                partition=D:

systemroot              \Windows

resumeobject            {00b1d42c-3bf6-11df-b345-6cf0490f0c84}

nx                      OptIn

detecthal               Yes
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {00b1d42e-3bf6-11df-b345-6cf0490f0c84}

device                  ramdisk=[D:]\Recovery\00b1d42e-3bf6-11df-b345-6cf0490f0c84\Winre.wim,{00b1d42f-3bf6-11df-b345-6cf0490f0c84}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[D:]\Recovery\00b1d42e-3bf6-11df-b345-6cf0490f0c84\Winre.wim,{00b1d42f-3bf6-11df-b345-6cf0490f0c84}

systemroot              \windows

nx                      OptIn

winpe                   Yes
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {current}

device                  partition=C:

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  de-DE

inherit                 {bootloadersettings}

recoverysequence        {00b1d432-3bf6-11df-b345-6cf0490f0c84}

recoveryenabled         Yes

osdevice                partition=C:

systemroot              \Windows

resumeobject            {00b1d430-3bf6-11df-b345-6cf0490f0c84}

nx                      OptIn
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {00b1d432-3bf6-11df-b345-6cf0490f0c84}

device                  ramdisk=[C:]\Recovery\00b1d432-3bf6-11df-b345-6cf0490f0c84\Winre.wim,{00b1d433-3bf6-11df-b345-6cf0490f0c84}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\00b1d432-3bf6-11df-b345-6cf0490f0c84\Winre.wim,{00b1d433-3bf6-11df-b345-6cf0490f0c84}

systemroot              \windows

nx                      OptIn

winpe                   Yes
 

Wiederaufnahme aus dem Ruhezustand

----------------------------------

Bezeichner              {00b1d42c-3bf6-11df-b345-6cf0490f0c84}

device                  partition=D:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  de-DE

inherit                 {resumeloadersettings}

filedevice              partition=D:

filepath                \hiberfil.sys

debugoptionenabled      No
 

Wiederaufnahme aus dem Ruhezustand

----------------------------------

Bezeichner              {00b1d430-3bf6-11df-b345-6cf0490f0c84}

device                  partition=C:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  de-DE

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

debugoptionenabled      No
 

Windows-Speichertestprogramm

----------------------------

Bezeichner              {memdiag}

device                  partition=D:

path                    \boot\memtest.exe

description             Windows-Speicherdiagnose

locale                  de-DE

inherit                 {globalsettings}

badmemoryaccess         Yes
 

EMS-Einstellungen

-----------------

Bezeichner              {emssettings}

bootems                 Yes
 

Debuggereinstellungen

---------------------

Bezeichner              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200
 

RAM-Defekte

-----------

Bezeichner              {badmemory}
 

Globale Einstellungen

---------------------

Bezeichner              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}
 

Startladeprogramm-Einstellungen

-------------------------------

Bezeichner              {bootloadersettings}

inherit                 {globalsettings}

                        {hypervisorsettings}
 

Hypervisoreinstellungen

-------------------

Bezeichner              {hypervisorsettings}

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200
 

Einstellungen zur Ladeprogrammfortsetzung

-----------------------------------------

Bezeichner              {resumeloadersettings}

inherit                 {globalsettings}
 

Ger„teoptionen

--------------

Bezeichner              {00b1d42f-3bf6-11df-b345-6cf0490f0c84}

description             Ramdisk Options

ramdisksdidevice        partition=D:

ramdisksdipath          \Recovery\00b1d42e-3bf6-11df-b345-6cf0490f0c84\boot.sdi
 

Ger„teoptionen

--------------

Bezeichner              {00b1d433-3bf6-11df-b345-6cf0490f0c84}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\00b1d432-3bf6-11df-b345-6cf0490f0c84\boot.sdi
 
 
 

LastRegBack: 2013-10-25 12:33
 

==================== End Of Log ============================

--- --- ---

Code:

# AdwCleaner v3.010 - Bericht erstellt am 26/10/2013 um 13:09:24

# Updated 20/10/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Steffen - STEFFEN-PC

# Gestartet von : C:\Users\Steffen\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : dealplylive

[#] Dienst Gelöscht : dealplylivem

[#] Dienst Gelöscht : RelevantKnowledge

Dienst Gelöscht : vToolbarUpdater17.0.12

[#] Dienst Gelöscht : Yontoo Desktop Updater
 

***** [ Dateien / Ordner ] *****
 

[#] Ordner Gelöscht : C:\ProgramData\AVG Secure Search

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\BitGuard

Ordner Gelöscht : C:\ProgramData\DealPlyLive

Ordner Gelöscht : C:\ProgramData\StarApp

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge

Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search

Ordner Gelöscht : C:\Program Files (x86)\Conduit

Ordner Gelöscht : C:\Program Files (x86)\DealPly

Ordner Gelöscht : C:\Program Files (x86)\DealPlyLive

Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB

Ordner Gelöscht : C:\Program Files (x86)\RelevantKnowledge

Ordner Gelöscht : C:\Program Files (x86)\TornTV.com

Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Ordner Gelöscht : C:\Users\Steffen\AppData\Local\AVG Secure Search

Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\Steffen\AppData\Local\DealPlyLive

Ordner Gelöscht : C:\Users\Steffen\AppData\Local\PackageAware

Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Temp\OCS

Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Temp\CT2269050

Ordner Gelöscht : C:\Users\Steffen\AppData\LocalLow\AVG Secure Search

Ordner Gelöscht : C:\Users\Steffen\AppData\LocalLow\BabylonToolbar

Ordner Gelöscht : C:\Users\Steffen\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\Steffen\AppData\LocalLow\DVDVideoSoftTB

Ordner Gelöscht : C:\Users\Steffen\AppData\LocalLow\PriceGong

[#] Ordner Gelöscht : C:\Users\Steffen\AppData\LocalLow\Toolbar4

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\BabSolution

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Babylon

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\DealPly

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\dvdvideosoftiehelpers

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\file scout

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\OpenCandy

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Yontoo

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\yourfiledownloader

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

Ordner Gelöscht : C:\Users\Gast\AppData\Local\AVG Secure Search

Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AVG Secure Search

Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\DVDVideoSoftTB

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Smartbar

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\CT2269050

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\plugin@yontoo.com

Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

[#] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec

Datei Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\Extensions\torntv2@torntv.com.xpi

Datei Gelöscht : C:\END

Datei Gelöscht : C:\Uninstall.exe

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

Datei Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\Babylon.xml

Datei Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\BrowserDefender.xml

Datei Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\delta.xml

Datei Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\searchplugins\dvdvideosofttb-customized-web-search.xml

Datei Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\user.js

Datei Gelöscht : C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

Datei Gelöscht : C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

Datei Gelöscht : C:\Windows\Tasks\Dealply.job

Datei Gelöscht : C:\Windows\System32\Tasks\Dealply

Datei Gelöscht : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job

Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore

Datei Gelöscht : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job

Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA

Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater

Datei Gelöscht : C:\Windows\System32\Tasks\QtraxPlayer

Datei Gelöscht : C:\Windows\System32\Tasks\YourFile Update
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LyricsFanUpdater_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LyricsFanUpdater_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9

Schlüssel Gelöscht : HKCU\Software\82dbd1b235b848

Schlüssel Gelöscht : HKLM\SOFTWARE\82dbd1b235b848

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dune-ii_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dune-ii_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AFF447C-3496-4F95-A122-9B737F58D551}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B5DCEC0-7371-40EA-8307-EC37C3EEDEA2}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKCU\Software\1ClickDownload

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search

Schlüssel Gelöscht : HKCU\Software\BabSolution

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\DataMngr

[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\DealPly

Schlüssel Gelöscht : HKCU\Software\DealPlyLive

Schlüssel Gelöscht : HKCU\Software\delta LTD

Schlüssel Gelöscht : HKCU\Software\filescout

Schlüssel Gelöscht : HKCU\Software\IGearSettings

Schlüssel Gelöscht : HKCU\Software\ilivid

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\YourFileDownloader

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsFan

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar

Schlüssel Gelöscht : HKLM\Software\AVG Secure Search

Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar

Schlüssel Gelöscht : HKLM\Software\BabylonToolbar

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\Software\DealPly

Schlüssel Gelöscht : HKLM\Software\DealPlyLive

Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB

Schlüssel Gelöscht : HKLM\Software\Freeze.com

Schlüssel Gelöscht : HKLM\Software\Iminent

Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner

Schlüssel Gelöscht : HKLM\Software\YourFileDownloader

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v9.0.8112.16421
 
 

-\\ Mozilla Firefox v22.0 (de)
 

[ Datei : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\wsrxa7ac.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950");

Zeile gelöscht : user_pref("browser.search.order.1", "Delta Search");

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Delta Search");

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950");

Zeile gelöscht : user_pref("CT2269050.1000082.isPlayDisplay", "true");

Zeile gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");

Zeile gelöscht : user_pref("CT2269050.1000234.TWC_country", "GERMANY");

Zeile gelöscht : user_pref("CT2269050.1000234.TWC_location", "Osnabruck, Germany");

Zeile gelöscht : user_pref("CT2269050.1000234.TWC_locId", "GMXX0104");

Zeile gelöscht : user_pref("CT2269050.1000234.TWC_region", "DE");

Zeile gelöscht : user_pref("CT2269050.1000234.TWC_temp_dis", "c");

Zeile gelöscht : user_pref("CT2269050.1000234.TWC_TMP_city", "OSNABRUCK");

Zeile gelöscht : user_pref("CT2269050.1000234.TWC_TMP_country", "DE");

Zeile gelöscht : user_pref("CT2269050.1000234.TWC_wind_dis", "kmh");

Zeile gelöscht : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");

Zeile gelöscht : user_pref("CT2269050.autoDisableScopes", 0);

Zeile gelöscht : user_pref("CT2269050.browser.search.defaultthis.engineName", true);

Zeile gelöscht : user_pref("CT2269050.countryCode", "DE");

Zeile gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]

Zeile gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Zeile gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

Zeile gelöscht : user_pref("CT2269050.enableFix404ByUser", "TRUE");

Zeile gelöscht : user_pref("CT2269050.FF19Solved", "true");

Zeile gelöscht : user_pref("CT2269050.FirstTime", "true");

Zeile gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "true");

Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", "true");

Zeile gelöscht : user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE");

Zeile gelöscht : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");

Zeile gelöscht : user_pref("CT2269050.fixUrls", true);

Zeile gelöscht : user_pref("CT2269050.fullUserID", "UN18699443131722559.IN.20130721171824");

Zeile gelöscht : user_pref("CT2269050.installDate", "21/07/2013 17:18:24");

Zeile gelöscht : user_pref("CT2269050.installerVersion", "1.5.4.4");

Zeile gelöscht : user_pref("CT2269050.installSessionId", "-1");

Zeile gelöscht : user_pref("CT2269050.installSp", "FALSE");

Zeile gelöscht : user_pref("CT2269050.installType", "Unknown");

Zeile gelöscht : user_pref("CT2269050.installUsage", "2013-07-23T01:14:08.0685158+03:00");

Zeile gelöscht : user_pref("CT2269050.installUsageEarly", "2013-07-23T01:14:06.6384466+03:00");

Zeile gelöscht : user_pref("CT2269050.isCheckedStartAsHidden", true);

Zeile gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Zeile gelöscht : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");

Zeile gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Zeile gelöscht : user_pref("CT2269050.keyword", true);

Zeile gelöscht : user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=UN18699443131722559&SSPV=TB_CH5&Lay=1&UM=1\[...]

Zeile gelöscht : user_pref("CT2269050.lastVersion", "10.16.4.29");

Zeile gelöscht : user_pref("CT2269050.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[...]

Zeile gelöscht : user_pref("CT2269050.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_appState_CouponBuddy.enc", "b2Zm");

Zeile gelöscht : user_pref("CT2269050.mam_gk_appState_Easytobook.enc", "b2Zm");

Zeile gelöscht : user_pref("CT2269050.mam_gk_appState_Easytobook_targeted.enc", "b2Zm");

Zeile gelöscht : user_pref("CT2269050.mam_gk_appState_PriceGong.enc", "b2Zm");

Zeile gelöscht : user_pref("CT2269050.mam_gk_appState_WindowShopper.enc", "b2Zm");

Zeile gelöscht : user_pref("CT2269050.mam_gk_appStateReportTime.enc", "MTM3NjIzMjUxOTEwNw==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_calledSetupService.enc", "MQ==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIwOWY3ZDk0Ni0wNTgxLTRkMDYtOWJhNC05OWE3YWRlNWNlYWMiLCJ[...]

Zeile gelöscht : user_pref("CT2269050.mam_gk_currentVersion.enc", "MS4xMC4yLjU=");

Zeile gelöscht : user_pref("CT2269050.mam_gk_existingUsersRecoveryDone.enc", "MQ==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_first_time.enc", "MQ==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Zeile gelöscht : user_pref("CT2269050.mam_gk_lastLoginTime.enc", "MTM3NjIzMjUxNjAyOA==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIGJlcmVpY2hlcnQgSWhy[...]

Zeile gelöscht : user_pref("CT2269050.mam_gk_new_welcome_experience.enc", "MQ==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiREUiLCJpc1dlbGNvbWVFeHBl[...]

Zeile gelöscht : user_pref("CT2269050.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");

Zeile gelöscht : user_pref("CT2269050.mam_gk_user_approval_interacted.enc", "MA==");

Zeile gelöscht : user_pref("CT2269050.mam_gk_userId.enc", "YTViM2QzMDUtMzMxNy00ZTU4LWJlOTYtNWVjMzc1MzJjOTgx");

Zeile gelöscht : user_pref("CT2269050.mam_gk_welcomeDialogMode.enc", "MA==");

Zeile gelöscht : user_pref("CT2269050.migrateAppsAndComponents", true);

Zeile gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww1.delta-search.com%2F%3Fbabsrc%3DHP_ss%26mntrId%3DC458001333ABAFC0%26affID%3D119357%26tt%3D210713_nt%26tsp%3D4950[...]

Zeile gelöscht : user_pref("CT2269050.openThankYouPage", "FALSE");

Zeile gelöscht : user_pref("CT2269050.openUninstallPage", "FALSE");

Zeile gelöscht : user_pref("CT2269050.originalHomepage", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=C458001333ABAFC0&affID=119357&tt=210713_nt&tsp=4950");

Zeile gelöscht : user_pref("CT2269050.originalSearchAddressUrl", "");

Zeile gelöscht : user_pref("CT2269050.originalSearchEngine", "Delta Search");

Zeile gelöscht : user_pref("CT2269050.search.searchAppId", "128834881989343895");

Zeile gelöscht : user_pref("CT2269050.search.searchCount", "0");

Zeile gelöscht : user_pref("CT2269050.SearchAppState.enc", "Mg==");

Zeile gelöscht : user_pref("CT2269050.searchFromAddressBarEnabledByUser", "true");

Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT2269050&ctid=CT2269050&SearchSource=2&CUI=UN18699443131722559&UM=1&sspv=TB_CH5&q=");

Zeile gelöscht : user_pref("CT2269050.searchInNewTabEnabledByUser", "true");

Zeile gelöscht : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");

Zeile gelöscht : user_pref("CT2269050.searchRevert", "false");

Zeile gelöscht : user_pref("CT2269050.searchSuggestEnabledByUser", "True");

Zeile gelöscht : user_pref("CT2269050.searchUserMode", "1");

Zeile gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB\"}");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1374531246326");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374531247639");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_Configuration_lastUpdate", "1374531244646");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1374531246248");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1374531246854");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1374531245883");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_login_10.16.4.29_lastUpdate", "1374531246742");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1374531251598");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1374531244993");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1374531239803");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1374531246860");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1374531246019");

Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1374531246826");

Zeile gelöscht : user_pref("CT2269050.settingsINI", true);

Zeile gelöscht : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");

Zeile gelöscht : user_pref("CT2269050.showToolbarPermission", "false");

Zeile gelöscht : user_pref("CT2269050.smartbar.CTID", "CT2269050");

Zeile gelöscht : user_pref("CT2269050.smartbar.homepage", true);

Zeile gelöscht : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");

Zeile gelöscht : user_pref("CT2269050.smartbar.Uninstall", "0");

Zeile gelöscht : user_pref("CT2269050.toolbarBornServerTime", "23-7-2013");

Zeile gelöscht : user_pref("CT2269050.toolbarCurrentServerTime", "23-7-2013");

Zeile gelöscht : user_pref("CT2269050.toolbarLoginClientTime", "Tue Jul 23 2013 00:14:06 GMT+0200");

Zeile gelöscht : user_pref("CT2269050.UserID", "UN18699443131722559");

Zeile gelöscht : user_pref("CT2269050.versionFromInstaller", "10.16.4.29");

Zeile gelöscht : user_pref("CT2269050.xpeMode", "-1");

Zeile gelöscht : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376232506165,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Zeile gelöscht : user_pref("extensions.crossrider.bic", "140087229b98cb56183cb38b416c8063");

Zeile gelöscht : user_pref("extensions.delta.admin", false);

Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");

Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");

Zeile gelöscht : user_pref("extensions.delta.bbDpng", "21");

Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");

Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");

Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);

Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);

Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "94E900A13AEA4A3B7EF944FBAAC3E10E");

Zeile gelöscht : user_pref("extensions.delta.id", "c45869d9000000000000001333abafc0");

Zeile gelöscht : user_pref("extensions.delta.instlDay", "15907");

Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");

Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.521:32:47");

Zeile gelöscht : user_pref("extensions.delta.newTab", false);

Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");

Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");

Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");

Zeile gelöscht : user_pref("extensions.delta.sg", "azb");

Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");

Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");

Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");

Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");

Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");

Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.518:16:46");

Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");

Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=210713_nt&tsp=4950");

Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "6447");

Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false");

Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false");

Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]

Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false");

Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21086");

Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1367393524547 - processInstallationUpgrade - version set to : 1.26\n1367393524547 - processBrowserLoad - Bad mappingListJsonString: null\n1367393525625 - onFla[...]

Zeile gelöscht : user_pref("extensions.wajam.unique_id", "C97F263665B48A8657C29CA9D4D98F9B");

Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");

Zeile gelöscht : user_pref("extensions.wajam.version", "1.26");

Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");

Zeile gelöscht : user_pref("extentions.y2layers.installId", "675b0660-07cc-4f40-b1ea-1e7153984c47");

Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT2269050&ctid=CT2269050&SearchSource=2&CUI=UN18699443131722559&UM=1&sspv=TB_CH5&q=");

Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT2269050");

Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?octid=CT2269050&ctid=CT2269050&CUI=UN18699443131722559&UM=1&SearchSource=13&sspv=TB_CH5");

Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?octid=CT2269050&ctid=CT2269050&CUI=UN18699443131722559&UM=1&SearchSource=13&sspv=TB_CH5");

Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT2269050&ctid=CT2269050&SearchSource=2&CUI=UN18699443131722559&UM=1&sspv=TB_CH5&q=");

Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search");

Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT2269050&ctid=CT2269050&SearchSource=2&CUI=UN18699443131722559&UM=1&sspv=TB_CH5&q=");

Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT2269050");

Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT2269050");

Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");

Zeile gelöscht : user_pref("smartbar.machineId", "GAC1CJ7W1N2YB+BKZR08UPTN9UXYNNGMJC+ZPQK86DI8L6VQQ3LZUQIEM1Z2P4OSSJXITSXI3/RINMRHY7DU3W");
 

-\\ Google Chrome v30.0.1599.101
 

[ Datei : C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gelöscht : icon_url

Gelöscht : search_url

Gelöscht : keyword

Gelöscht : urls_to_restore_on_startup
 

[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gelöscht : urls_to_restore_on_startup
 

*************************
 

AdwCleaner[R0].txt - [59441 octets] - [26/10/2013 13:06:15]

AdwCleaner[S0].txt - [56376 octets] - [26/10/2013 13:09:24]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [56437 octets] ##########

Hast du Combofix (Schritt 3) durchgeführt? Falls ja, reiche bitte noch das Log nach. Ansonsten führe jetzt Combofix noch aus und poste das Log.

Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.