
Log analysis and evaluation: Unwanted ad links to de.clickcompare.info via the Giant Savings Extension program

07.02.2013, 20:05   #1
urflamingo
 

Hello,

this is how it started: on a customer's landing page I discovered unwanted ad links
to de.clickcompare.info/search. When hovering over the links with the mouse, the hover text shown was: Giant Savings Extension

So far I have done the following, in this order:

1) A total scan with McAfee. Result: 5 files were reported as infected, but no programs. I (unfortunately) had the files removed (sorry). 4 of the 5 files contained the
name component "Artemis!xxxxxxxxxxx". The problem still persisted afterwards.

2) I then downloaded the program Malwarebytes Anti-Malware and ran a quick scan.

This time 5 applications were flagged as malware-infected. They are listed in the attached log file.

3) Result up to this point: the problem persisted. In addition, I could no longer boot properly (the screen stayed completely blank and the computer froze).

4) After several attempts I was able to boot again via safe mode.
After that, however, the computer soon froze again even then. Since Malwarebytes Anti-Malware was the last thing I had installed, I uninstalled the program again to see whether a normal boot would now be possible. It was not.

5) I then reinstalled Malwarebytes Anti-Malware and ran another quick scan, which no longer produced any results.

6) Then I carried out the steps recommended on Trojaner-Board.

Step 1: Defogger disabled (this state still applies)
Step 2: Quick scan with OTL.exe
OTL.txt and Extra.txt are attached. (OTL as OTLTeil1 and OTLTeil2 because the file was too large)
Step 3: Ran a scan with GMER.
Gmer.txt is attached. Addendum: the Anti-Malware log file, Extra.txt and Gmer.txt were deleted again by the system because the files were too large.
Therefore the contents are here:
a) Anti-Malware:
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245762
Laufzeit: 39 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\$RECYCLE.BIN\S-1-5-21-3339244594-544626258-3807575601-1000\$RCA6882.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\urflamingo\AppData\Local\Temp\is357113909\FunmoodsSetup.exe (Adware.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\urflamingo\Downloads\ADLSoft_UnCompressor.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

b) Extra.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.02.2013 14:43:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\urflamingo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,40% Memory free
10,68 Gb Paging File | 10,12 Gb Available in Paging File | 94,79% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4597 4597 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 32,96 Gb Free Space | 22,88% Space Free | Partition Type: NTFS
Drive D: | 178,85 Gb Total Space | 100,95 Gb Free Space | 56,44% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 86,06 Gb Free Space | 61,25% Space Free | Partition Type: NTFS
Drive H: | 59,65 Gb Total Space | 54,96 Gb Free Space | 92,13% Space Free | Partition Type: NTFS
Drive I: | 3,69 Gb Total Space | 3,23 Gb Free Space | 87,60% Space Free | Partition Type: FAT32
Drive J: | 59,58 Gb Total Space | 59,49 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: MM-PC | User Name: urflamingo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- "C:\Program Files\IDM Computer Solutions\UltraEdit\UEdit32.exe" "%1"
.js [@ = UltraEdit.js] -- "C:\Program Files\IDM Computer Solutions\UltraEdit\UEdit32.exe" "%1"
.txt [@ = UltraEdit.txt] -- "C:\Program Files\IDM Computer Solutions\UltraEdit\UEdit32.exe" "%1"
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X5 durchsuchen] -- "c:\Program Files\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = Corel PaintShop Pro X5
"_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Ultimate X5
"_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = Corel WinDVD Pro 11
"_{CC9512A6-8BF7-4FD5-BCCF-05F6FCD19961}" = Corel MotionStudio 3D 1.0
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E12A07-1BB9-44D6-A480-4EA42DB9E122}" = Boris Graffiti for Corel
"{045E662E-452C-4A80-A8D1-22E5BCD74F94}_is1" = Firelab
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06005D86-3436-43E4-9014-3CC4A972D47B}" = Website Indexer
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{113BC587-C2A9-457F-9022-9DB31ABBDD90}_is1" = ffDiaporama 1.5 (20121126)
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15002A1B-C1E7-4E91-A3EC-5502BF924A32}" = Setup
"{15180A90-1FC0-47E4-A150-3AECEF07B3B6}" = Corel PaintShop Pro X5
"{1522E36C-3739-41E4-8CD3-A4AFEA70086A}" = PSPPContent
"{153DD765-C8C6-4893-8CEF-D965351D82EC}" = PSPPHelp
"{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}" = IPM_PSP_COM
"{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = ICA
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1960DE09-3B90-4B66-A2AF-43BA79D29688}_is1" = iPosition Professional
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
"{1A50A265-2D60-4C08-A21F-26C98E3162C1}" = MAGIX Web Designer 7 Premium
"{1BCA1F47-9498-46E3-895E-1C235D7AE967}_is1" = WebsiteBooster 2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F57FEF3-3E49-4252-B977-B98D3A7C89D0}" = Corel VideoStudio Pro Title Pack
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DD67752-A84F-493D-884B-A857CEE14A88}" = Corel VideoStudio Pro Title Pack
"{2E5C5BC1-9285-45DA-8885-29AFEA541C52}" = Setup
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{31026A89-8BB8-7712-8B73-F35FDFB38BCE}" = ClientTamer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{326DEAB3-3F1C-4239-B43A-D2EA7CD934A0}" = MAGIX Video deluxe MX
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{466B8FC6-8D80-4DA1-BA2D-EC7094BD3C31}" = Corel VideoStudio Pro Title Pack
"{47906131-1A8F-45A2-9EFD-CB6AD63B1F0A}" = MAGIX Speed burnR (MSI)
"{48A00644-2D97-43B5-A614-603DECF3E5F6}" = Boris Graffiti for Corel
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E52D627-F326-40DB-A74F-8C91BA6D88C6}" = Nero CoverDesigner
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FAFC48A-73CD-4ECF-BF89-32825E6360FA}" = Corel PDF Fusion
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone SE
"{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}" = Corel WinDVD
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5D71E42B-EA8B-4B05-94F1-D5965495EAF1}_is1" = Easy Directory Preview 4.0
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6473C0E9-9763-4D94-808A-B250540AA750}" = Sound Forge Audio Studio 10.0
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6E7CEC26-A2F0-41BF-B89D-61E6C9B112DB}" = Corel PDF Fusion Addins
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777705B9-E6F6-44B4-BAA1-48E70ACE1740}" = C3D
"{7777A2E0-3F99-4F4A-8BF1-507C04C45CD6}" = IPM_C3D
"{77BE790A-2F0E-277A-B1D5-24AE58CA1C5E}" = CherryPicker
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}" = IPM
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8598C8D6-D5AE-ABA2-6207-402F56B8FC78}" = Market Samurai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
"{8EBB8452-274B-465D-8324-00B0832FBB00}" = SoftMaker Office 2010 Home & Business
"{8EBB8452-274B-465D-8324-00B0832FBB02}" = SoftMaker Office Professional 2012 (Trial)
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FF072CB-8675-430B-BCCD-F188AA754182}" = eM Client
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90497B65-8668-4E0A-B3D7-1B1862CBDBC1}" = MAGIX Foto & Grafik Designer 7 Download-Version
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94EF4A0A-E8DA-FD7A-5E59-EDCD5C3CD5E2}" = Domain Samurai
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = ICA
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C7C04AB-4B97-49DB-88A0-454795349008}" = Nero CoverDesigner Help (CHM)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6192CB6-23D4-459C-B639-8F8722D075AC}" = MAGIX Foto & Grafik Designer 7
"{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}" = Web Easy Professional 8
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A98AC393-5A37-44A9-A8E4-6AD6383D3F2D}_is1" = Kauftraffic
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF1EA239-9F8A-475B-91BE-3DA009599D73}" = Acer My Start-up Screen
"{B086BE75-3E6E-486B-9F89-467FB5715661}" = Business
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B293F0E6-10B7-45FD-BACF-18826515C246}_is1" = Conference Recording Service
"{B6D08A81-1CE7-4f27-B659-D45CC7253DF0}" = MatchWare MindView 3.0 BE Demo
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BBEB33B4-4F84-460E-9441-A18104F01C68}" = C3DHelp
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C500336C-6EEA-49BF-8614-CCFF12E5628F}" = Setup
"{C717B4D4-2EFA-4DC3-8EDB-79543E43666C}" = VSUltimate
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{C9C641B6-DB5C-4C84-B6C9-9540388DA0DA}" = WebMeeting Plug-in
"{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
"{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC9512A6-8BF7-4FD5-BCCF-05F6FCD19961}" = ICA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE93C501-8C33-4F0F-9590-0C006F03C823}" = Screencast.com Desktop Uploader
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D70ADC25-24FF-4F9C-A7DD-6D5B670CC013}" = MAGIX Screenshare
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1676432-361C-44EE-9596-24C1BB5608B8}" = Nero CoverDesigner
"{F281F43B-C568-4FD6-9629-2D74C36A1221}" = PDF Suite 2012
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"A4Desk_is1" = A4Desk(deutsche) 4.0
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection

AAU 6.0.00.17
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Artisteer 2" = Artisteer 2
"Audacity_is1" = Audacity 2.0.2
"AudibleManager" = AudibleManager
"AutocompletePro3_is1" = AutocompletePro
"AVG Secure Search" = AVG Security Toolbar
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Audio Converter_is1" = AVS Audio Converter 7
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.1.2.147
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"Banner Generator 1.00" = Banner Generator 1.00
"BILDmobil" = BILDmobil
"Box Shot 3D" = Box Shot 3D
"CdCoverCreator" = CdCoverCreator 2.5.3
"CD-DVD Druckerei 7_is1" = DATA BECKER CD-DVD Druckerei 7
"CherryPickerLive" = CherryPicker
"CloudBerry Explorer for Amazon S3" = CloudBerry Explorer for Amazon S3 3.7
"CloudBerry Online Backup" = CloudBerry Online Backup 2.7.1
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai
"ElsterFormular 11.1.3.3887" = ElsterFormular
"E-MailVerifier" = E-MailVerifier 1.50
"FeedDemon_is1" = FeedDemon
"FileZilla Client" = FileZilla Client 3.6.0.2
"Giant Savings Extension" = Giant Savings Extension
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HandBrake" = HandBrake 0.9.5
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B086BE75-3E6E-486B-9F89-467FB5715661}" = Business
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"IrfanView" = IrfanView (remove only)
"Keyword Warrior_is1" = Keyword Warrior
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"LManager" = Launch Manager
"LogoMaker_is1" = LogoMaker 3.0
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Video deluxe 15 Plus D" = MAGIX Video deluxe 15 Plus 8.0.0.62 (D)
"MAGIX Video deluxe 2008 PLUS D" = MAGIX Video deluxe 2008 PLUS 7.5.2.10 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"MAGIX_MSI_Foto_Grafik_Designer_7" = MAGIX Foto & Grafik Designer 7
"MAGIX_MSI_Foto_Grafik_Designer_7_FPMX" = MAGIX Foto & Grafik Designer 7 Download-Version
"MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX
"MAGIX_MSI_Web_Designer_7_Premium" = MAGIX Web Designer 7 Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Miracle Squeeze Page Builder_is1" = Miracle Squeeze Page Builder  v2.0
"mlrjpwnu" = Favorit
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Total Protection
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"NewBlue Titler EX for Corel VSX5" = NewBlue Titler EX for Corel VSX5
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.10.2092" = Opera 11.10
"PhotoPad" = PhotoPad Image Editor
"PhotoStage" = PhotoStage Slideshow Producer
"PinAutomation - Affiliate Robot v1.2_is1" = PinAutomation - Affiliate Robot v1.2
"PinDetective v1.2_is1" = PinDetective v1.2
"Pixel Ruler" = Pixel Ruler
"Pixillion" = Pixillion Image Converter
"Powerbullet Presenter free v1.35_is1" = Powerbullet Presenter
"Prism" = Prism Videodatei-Konverter
"proDAD-HeroglyphRoute-4.0" = proDAD Route 4.0
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Quick 3D Cover_is1" = Quick 3D Cover 2.0.1
"Recordpad" = RecordPad Sound Recorder
"Riot" = Riot - Radical Image Optimization Tool
"seopowersuite" = Rank Tracker
"Shop for HP Supplies" = Shop for HP Supplies
"SocialMediaManager" = ClientTamer
"Software Informer_is1" = Software Informer 1.0 BETA
"SopCast" = SopCast 3.2.8
"SuperMailer" = SuperMailer 5.20
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"TVUPlayer" = TVUPlayer 2.5.3.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 2.0.5
"vShare" = vShare Plugin
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WebMeeting Plug-in" = WebMeeting Plug-in
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"XHeader" = XHeader
"Xilisoft Video Converter Platinum 6" = Xilisoft Video Converter Platinum 6
"XnView_is1" = XnView 1.97.2
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"DSite" = Update for Mipony Download Accelerator
"GoToMeeting" = GoToMeeting 5.1.0.880
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.02.2013 18:27:29 | Computer Name = MM-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 18:36:52 | Computer Name = MM-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 06.02.2013 18:37:06 | Computer Name = MM-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 18:56:42 | Computer Name = MM-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 06.02.2013 18:56:49 | Computer Name = MM-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 19:06:23 | Computer Name = MM-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 20:17:00 | Computer Name = MM-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.2.4780 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 710  Anfangszeit: 01ce04bff0062622  Zeitpunkt der
 Beendigung: 686
 
Error - 07.02.2013 02:37:50 | Computer Name = MM-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.02.2013 02:48:04 | Computer Name = MM-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 07.02.2013 02:48:17 | Computer Name = MM-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.02.2013 08:32:45 | Computer Name = MM-PC | Source = EventSystem | ID = 4609
Description = 
 
 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---
c) Gmer.txt
GMER Logfile:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-07 16:08:24
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\URFLAM~1\AppData\Local\Temp\pgtdypoc.sys


---- User code sections - GMER 2.0 ----

.text  C:\Windows\Explorer.EXE[1316] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                          7695B37C 4 Bytes  [00, 26, 81, 01]

---- Registry - GMER 2.0 ----

Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xE9 0x02 0x6C 0xFA ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0xAA 0x52 0xC6 0x00 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0xB1 0xCD 0x45 0x5A ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37605CD6-CC1A-9225-9ACA-4900517F7F93}     

---- EOF - GMER 2.0 ----
         
--- --- ---


7) Note on the results: In OTL.txt, the phrase "Giant Savings Extension" (= the label of the injected links) appears under "CHR-Extension". The same appears under 02-BHO, and the phrase also appears under AAV 6.0.00.17.

02-BHO: Under Program Files there is/was a folder with this name (ending in a ....dll with the addition: 25 Apps). Since I have to keep working and felt these files were an ongoing threat, I shredded them with McAfee, along with the extensions under
Benutzer\AppData\Local\Google\Chrome\UserData\Default\Extensions\..........[phrase]\ \Crossrider and
.....................\............\[phrase] ,
which are/were displayed under CHR.

I had hoped that this would settle everything. That hope, however, proved false.

8) Status:

Logging in: The Windows Vista start screen appears with the user login window. Logging in is possible; afterwards the word "Willkommen" (Welcome) appears and the computer freezes.

McAfee: McAfee can no longer be activated (it always jumps back to "Echtzeit-Scan ist deaktiviert" [real-time scan is disabled] after about 1 second). Working in safe mode with networking is possible, though with considerable performance losses.

Ad links: They are still active.

I would be very grateful if you could help me!

Edited by urflamingo (07.02.2013 at 21:02)

07.02.2013, 21:10   #2
M-K-D-B
/// TB-Ausbilder






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be required.
    At the end we will remove all the programs used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop working and describe your problem to me as well as you can.
  • Only run scans that you are asked to run by me or another helper.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Start your computer in safe mode with networking according to these instructions and carry out each of the following steps there:







Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click on Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).






Step 2
Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.
  • Start the tool with a double-click. Vista and 7 users, please start it with a right-click and "Run as administrator".
  • The tool will open and begin the scan.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.





Step 3
Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.







With your next reply, please post
  • the AdwCleaner log file,
  • the JRT log file,
  • the ComboFix log file.
__________________


08.02.2013, 00:22   #3
urflamingo
 

It seems odd to me, but I appear to be able to post my reply here.
First of all, many thanks for the prompt response, dear Matthias.
I have carried out the first two steps and am now inserting the TXT files here:
AdwCleaner log file:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows Vista (TM) Home Premium x86
Ran by urflamingo on 07.02.2013 at 22:50:36,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{043c5167-00bb-4324-af7e-62013faedacf} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{043c5167-00bb-4324-af7e-62013faedacf} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3339244594-544626258-3807575601-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\autocompletepro.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\vsharechrome
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\suggestmeyes.suggestmeyesbho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\suggestmeyes.suggestmeyesbho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.imedixprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.imedixprotocol.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.pugiobj
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.pugiobj.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.scripthelpers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\vshare.scripthelpers.1
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.BHO
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.BHO.1
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.Sandbox
Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.Sandbox.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.BHO
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.BHO.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.Sandbox
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.Sandbox.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2319825
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2431245
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{043c5167-00bb-4324-af7e-62013faedacf}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{043c5167-00bb-4324-af7e-62013faedacf}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{043c5167-00bb-4324-af7e-62013faedacf}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0fb6a909-6086-458f-bd92-1f8ee10042a0}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fb6a909-6086-458f-bd92-1f8ee10042a0}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\drivercure"
Successfully deleted: [Folder] "C:\Users\urflamingo\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\urflamingo\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\urflamingo\appdata\locallow\vshare"
Successfully deleted: [Folder] "C:\Program Files\autocompletepro"
Successfully deleted: [Folder] "C:\Program Files\babylon"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\vshare"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\user.js
Successfully deleted: [File] C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\conduitcommon
Successfully deleted the following from C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\prefs.js
 
user_pref("CT2319825..clientLogIsEnabled", false);
user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2319825.AppTrackingLastCheckTime", "Thu Jan 10 2013 19:00:19 GMT+0100");
user_pref("CT2319825.BrowserCompStateIsOpen_129714600517272937", true);
user_pref("CT2319825.BrowserCompStateIsOpen_129784504530494139", true);
user_pref("CT2319825.CT2319825", "CT2319825");
user_pref("CT2319825.CurrentServerDate", "8-2-2013");
user_pref("CT2319825.DSChangedManually", false);
user_pref("CT2319825.DSInstall", true);
user_pref("CT2319825.DSProtectChoice", true);
user_pref("CT2319825.DSProtectCount", 15);
user_pref("CT2319825.DialogsAlignMode", "LTR");
user_pref("CT2319825.DialogsGetterLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2319825.DownloadReferralCookieData", "");
user_pref("CT2319825.EMailNotifierPollDate", "Thu Feb 07 2013 22:34:08 GMT+0100");
user_pref("CT2319825.FeedPollDate11908299", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2319825.FirstServerDate", "22-11-2011");
user_pref("CT2319825.FirstTime", true);
user_pref("CT2319825.FirstTimeFF3", true);
user_pref("CT2319825.FixPageNotFoundErrors", true);
user_pref("CT2319825.GroupingServerCheckInterval", 1440);
user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2319825.HPInstall", true);
user_pref("CT2319825.HPProtectChoice", true);
user_pref("CT2319825.HPProtectCount", 2);
user_pref("CT2319825.HasUserGlobalKeys", true);
user_pref("CT2319825.HomePageProtectorEnabled", true);
user_pref("CT2319825.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
user_pref("CT2319825.Initialize", true);
user_pref("CT2319825.InitializeCommonPrefs", true);
user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
user_pref("CT2319825.InstallationType", "Unknown");
user_pref("CT2319825.InstalledDate", "Tue Nov 22 2011 11:31:21 GMT+0100");
user_pref("CT2319825.InvalidateCache", false);
user_pref("CT2319825.IsAlertDBUpdated", true);
user_pref("CT2319825.IsGrouping", false);
user_pref("CT2319825.IsInitSetupIni", true);
user_pref("CT2319825.IsMulticommunity", false);
user_pref("CT2319825.IsOpenThankYouPage", true);
user_pref("CT2319825.IsOpenUninstallPage", true);
user_pref("CT2319825.IsProtectorsInit", true);
user_pref("CT2319825.LanguagePackLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2319825.LastLogin_3.10.0.1", "Wed May 02 2012 15:56:34 GMT+0200");
user_pref("CT2319825.LastLogin_3.12.2.3", "Wed Jun 06 2012 14:55:00 GMT+0200");
user_pref("CT2319825.LastLogin_3.13.0.6", "Wed Jul 18 2012 17:20:25 GMT+0200");
user_pref("CT2319825.LastLogin_3.14.1.0", "Tue Aug 21 2012 16:05:18 GMT+0200");
user_pref("CT2319825.LastLogin_3.15.1.0", "Wed Nov 07 2012 16:49:18 GMT+0100");
user_pref("CT2319825.LastLogin_3.16.0.3", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2319825.LastLogin_3.7.0.6", "Wed Nov 23 2011 13:34:45 GMT+0100");
user_pref("CT2319825.LastLogin_3.8.0.8", "Tue Dec 13 2011 13:30:50 GMT+0100");
user_pref("CT2319825.LastLogin_3.8.1.0", "Wed Jan 18 2012 18:25:02 GMT+0100");
user_pref("CT2319825.LastLogin_3.9.0.3", "Thu Mar 29 2012 12:12:21 GMT+0200");
user_pref("CT2319825.LatestVersion", "3.16.0.3");
user_pref("CT2319825.Locale", "de");
user_pref("CT2319825.MCDetectTooltipHeight", "83");
user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2319825.MCDetectTooltipWidth", "295");
user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
user_pref("CT2319825.OriginalFirstVersion", "3.7.0.6");
user_pref("CT2319825.RadioIsPodcast", false);
user_pref("CT2319825.RadioLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2319825.RadioLastUpdateIPServer", "3");
user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
user_pref("CT2319825.RadioMediaID", "11949532");
user_pref("CT2319825.RadioMediaType", "Media Player");
user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
user_pref("CT2319825.RadioShrinkedFromSetup", false);
user_pref("CT2319825.RadioStationName", "1Live");
user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a");
user_pref("CT2319825.RadioVolume", "62");
user_pref("CT2319825.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CT2319825.SearchCaption", "Winload Customized Web Search");
user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search");
user_pref("CT2319825.SearchFromAddressBarIsInit", true);
user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
user_pref("CT2319825.SearchInNewTabEnabled", true);
user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
user_pref("CT2319825.SearchInNewTabLastCheckTime", "Thu Feb 07 2013 22:34:07 GMT+0100");
user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2319825.SearchProtectorEnabled", false);
user_pref("CT2319825.SearchProtectorToolbarDisabled", false);
user_pref("CT2319825.SendProtectorDataViaLogin", true);
user_pref("CT2319825.ServiceMapLastCheckTime", "Thu Feb 07 2013 22:34:08 GMT+0100");
user_pref("CT2319825.SettingsLastCheckTime", "Thu Feb 07 2013 22:34:07 GMT+0100");
user_pref("CT2319825.SettingsLastUpdate", "1360246716");
user_pref("CT2319825.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Fri Jan 25 2013 13:15:48 GMT+0100");
user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1331806000");
user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2319825.UserID", "UN37060978350400353");
user_pref("CT2319825.ValidationData_Search", 2);
user_pref("CT2319825.ValidationData_Toolbar", 2);
user_pref("CT2319825.WeatherNetwork", "");
user_pref("CT2319825.WeatherPollDate", "Thu Feb 07 2013 22:34:10 GMT+0100");
user_pref("CT2319825.WeatherUnit", "C");
user_pref("CT2319825.alertChannelId", "715912");
user_pref("CT2319825.backendstorage.autocompletepro_enable", "31");
user_pref("CT2319825.backendstorage.autocompletepro_enable_auto", "31");
user_pref("CT2319825.backendstorage.id", "3330363638353632");
user_pref("CT2319825.backendstorage.shoppingapp.gk.exipres", "53756E2041707220313520323031322031343A33363A353220474D542B30323030");
user_pref("CT2319825.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2319825.homepageProtectorEnableByLogin", true);
user_pref("CT2319825.initDone", true);
user_pref("CT2319825.isAppTrackingManagerOn", false);
user_pref("CT2319825.isFirstRadioInstallation", false);
user_pref("CT2319825.myStuffEnabled", true);
user_pref("CT2319825.myStuffPublihserMinWidth", 400);
user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,1000082,129769053852558608,129309281463312841,129264494738128351,128903248917881403,1291363905724
user_pref("CT2319825.revertSettingsEnabled", true);
user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
user_pref("CT2319825.searchProtectorEnableByLogin", true);
user_pref("CT2319825.testingCtid", "");
user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Mon Jan 28 2013 19:08:56 GMT+0100");
user_pref("CT2319825.usagesFlag", 2);
user_pref("CT2431245..clientLogIsEnabled", false);
user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2431245.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2431245.AppTrackingLastCheckTime", "Mon Jan 28 2013 19:22:01 GMT+0100");
user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129633225487491098", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129659302539581540", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129682601309982614", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129780209672379590", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129790544018252482", true);
user_pref("CT2431245.CT2431245", "CT2431245");
user_pref("CT2431245.CurrentServerDate", "8-2-2013");
user_pref("CT2431245.DSInstall", false);
user_pref("CT2431245.DialogsAlignMode", "LTR");
user_pref("CT2431245.DialogsGetterLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2431245.DownloadReferralCookieData", "");
user_pref("CT2431245.EMailNotifierPollDate", "Thu Feb 07 2013 22:34:07 GMT+0100");
user_pref("CT2431245.FirstServerDate", "23-11-2011");
user_pref("CT2431245.FirstTime", true);
user_pref("CT2431245.FirstTimeFF3", true);
user_pref("CT2431245.FixPageNotFoundErrors", false);
user_pref("CT2431245.GroupingServerCheckInterval", 1440);
user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2431245.HPInstall", false);
user_pref("CT2431245.HasUserGlobalKeys", true);
user_pref("CT2431245.HomePageProtectorEnabled", false);
user_pref("CT2431245.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
user_pref("CT2431245.Initialize", true);
user_pref("CT2431245.InitializeCommonPrefs", true);
user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
user_pref("CT2431245.InstallationType", "Unknown");
user_pref("CT2431245.InstalledDate", "Wed Nov 23 2011 13:34:52 GMT+0100");
user_pref("CT2431245.InvalidateCache", false);
user_pref("CT2431245.IsAlertDBUpdated", true);
user_pref("CT2431245.IsGrouping", false);
user_pref("CT2431245.IsInitSetupIni", true);
user_pref("CT2431245.IsMulticommunity", false);
user_pref("CT2431245.IsOpenThankYouPage", true);
user_pref("CT2431245.IsOpenUninstallPage", true);
user_pref("CT2431245.IsProtectorsInit", true);
user_pref("CT2431245.LanguagePackLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2431245.LastLogin_3.10.0.1", "Sat Apr 28 2012 17:57:24 GMT+0200");
user_pref("CT2431245.LastLogin_3.11.0.3", "Mon May 07 2012 14:50:52 GMT+0200");
user_pref("CT2431245.LastLogin_3.12.2.3", "Fri May 25 2012 14:09:40 GMT+0200");
user_pref("CT2431245.LastLogin_3.13.0.6", "Wed Jul 18 2012 17:20:17 GMT+0200");
user_pref("CT2431245.LastLogin_3.14.1.0", "Tue Aug 21 2012 16:05:13 GMT+0200");
user_pref("CT2431245.LastLogin_3.15.1.0", "Wed Nov 07 2012 16:49:22 GMT+0100");
user_pref("CT2431245.LastLogin_3.16.0.3", "Thu Feb 07 2013 22:34:08 GMT+0100");
user_pref("CT2431245.LastLogin_3.8.0.8", "Tue Dec 13 2011 13:30:45 GMT+0100");
user_pref("CT2431245.LastLogin_3.8.1.0", "Tue Jan 10 2012 00:33:26 GMT+0100");
user_pref("CT2431245.LastLogin_3.9.0.3", "Wed Feb 22 2012 18:10:19 GMT+0100");
user_pref("CT2431245.LatestVersion", "3.16.0.3");
user_pref("CT2431245.Locale", "de-de");
user_pref("CT2431245.MCDetectTooltipHeight", "83");
user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2431245.MCDetectTooltipWidth", "295");
user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
user_pref("CT2431245.OriginalFirstVersion", "3.8.0.8");
user_pref("CT2431245.RadioIsPodcast", false);
user_pref("CT2431245.RadioLastCheckTime", "Thu Feb 07 2013 22:34:08 GMT+0100");
user_pref("CT2431245.RadioLastUpdateIPServer", "3");
user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
user_pref("CT2431245.RadioMediaID", "20503675");
user_pref("CT2431245.RadioMediaType", "Media Player");
user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT2431245_RECENT20503675");
user_pref("CT2431245.RadioShrinkedFromSetup", false);
user_pref("CT2431245.RadioStationName", "DeutschlandRadio");
user_pref("CT2431245.RadioStationURL", "hxxp://www.dradio.de/streaming/dlr.asx");
user_pref("CT2431245.RadioVolume", "69");
user_pref("CT2431245.SHRINK_TOOLBAR", 1);
user_pref("CT2431245.SearchCaption", "softonic-de3 Customized Web Search");
user_pref("CT2431245.SearchEngineBeforeUnload", "foxsearch");
user_pref("CT2431245.SearchFromAddressBarIsInit", true);
user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=");
user_pref("CT2431245.SearchInNewTabEnabled", true);
user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
user_pref("CT2431245.SearchInNewTabLastCheckTime", "Thu Feb 07 2013 22:34:06 GMT+0100");
user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2431245.SearchProtectorEnabled", false);
user_pref("CT2431245.SearchProtectorToolbarDisabled", false);
user_pref("CT2431245.SendProtectorDataViaLogin", true);
user_pref("CT2431245.ServiceMapLastCheckTime", "Thu Feb 07 2013 22:34:08 GMT+0100");
user_pref("CT2431245.SettingsLastCheckTime", "Thu Feb 07 2013 22:34:06 GMT+0100");
user_pref("CT2431245.SettingsLastUpdate", "1360246760");
user_pref("CT2431245.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13");
user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri Jan 25 2013 13:15:51 GMT+0100");
user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1331806000");
user_pref("CT2431245.ToolbarShrinkedFromSetup", false);
user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2431245.UserID", "UN51380587381198388");
user_pref("CT2431245.ValidationData_Search", 2);
user_pref("CT2431245.ValidationData_Toolbar", 2);
user_pref("CT2431245.alertChannelId", "825452");
user_pref("CT2431245.backendstorage.autocompletepro_enable", "31");
user_pref("CT2431245.backendstorage.autocompletepro_enable_auto", "31");
user_pref("CT2431245.backendstorage.cb_experience_000", "3837");
user_pref("CT2431245.backendstorage.cb_firstuse0100", "31");
user_pref("CT2431245.backendstorage.cb_user_id_000", "434239373634343739333439395F46697265666F78");
user_pref("CT2431245.backendstorage.cbcountry_000", "4445");
user_pref("CT2431245.backendstorage.cbcountry_001", "4445");
user_pref("CT2431245.backendstorage.cbfirsttime", "4D6F6E2041707220313620323031322031353A33303A343420474D542B30323030");
user_pref("CT2431245.backendstorage.cbopenmamsettings", "30");
user_pref("CT2431245.backendstorage.ct2431245ads1", "25374225323261647325323225334125354225374225323261696425323225334125323236323138382532322532432532327469746C65253232253341
user_pref("CT2431245.backendstorage.ct2431245current_term", "");
user_pref("CT2431245.backendstorage.ct2431245isadsdisabled", "66616C7365");
user_pref("CT2431245.backendstorage.ct2431245sdate", "37");
user_pref("CT2431245.backendstorage.for_aoi", "31333232303535323033");
user_pref("CT2431245.backendstorage.for_ccid", "6E756C6C");
user_pref("CT2431245.backendstorage.for_cdtr2", "31333232303535323033");
user_pref("CT2431245.backendstorage.for_cid", "4445");
user_pref("CT2431245.backendstorage.for_ip", "37382E34392E36342E3439");
user_pref("CT2431245.backendstorage.for_lcut", "31333630323732383532");
user_pref("CT2431245.backendstorage.for_rid", "3037");
user_pref("CT2431245.backendstorage.for_zoneid", "39353933");
user_pref("CT2431245.backendstorage.hxxp://www_safari-extensions_de/toolbar.magix.com", "31333437303232303232343632");
user_pref("CT2431245.backendstorage.hxxp://www_safari-extensions_de/toolbar.mydays.de", "31333538303938363531393731");
user_pref("CT2431245.backendstorage.nullads1", "25374225323261647325323225334125354225374225323261696425323225334125323236373033312532322532432532327469746C6525323225334125323
user_pref("CT2431245.backendstorage.nullcurrent_term", "6875617765692B7461626C6574");
user_pref("CT2431245.backendstorage.nullsdate", "39");
user_pref("CT2431245.backendstorage.pg_enable", "74727565");
user_pref("CT2431245.backendstorage.printitgreenstatus", "74727565");
user_pref("CT2431245.backendstorage.shoppingapp.gk.exipres", "467269204F637420313220323031322031383A34393A333220474D542B30323030");
user_pref("CT2431245.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
user_pref("CT2431245.backendstorage.url_history0001", "687474703A2F2F7777772E766964656F6C616E2E6F72672F766C632F66656174757265732E68746D6C3A3A3A636C69636B68616E646C65723A3A3A31
user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2431245.homepageProtectorEnableByLogin", true);
user_pref("CT2431245.initDone", true);
user_pref("CT2431245.isAppTrackingManagerOn", false);
user_pref("CT2431245.isFirstRadioInstallation", false);
user_pref("CT2431245.myStuffEnabled", true);
user_pref("CT2431245.myStuffPublihserMinWidth", 400);
user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129790544018252482,129453393923725944,129453393922944692,129530497903908208,1000082,1290094025931
user_pref("CT2431245.revertSettingsEnabled", true);
user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
user_pref("CT2431245.searchProtectorEnableByLogin", true);
user_pref("CT2431245.testingCtid", "");
user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Mon Jan 28 2013 19:21:46 GMT+0100");
user_pref("CT2431245.usagesFlag", 2);
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825", "\"6fac5a5ccc889c93a8aa363145b0ff3e3\"");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245", "\"c998820adac1fe0de37caddbbdd30f253\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", "\"1334580802\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de-de", "xVl2ui1iX6CDJwlhoXazeQ==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "pMJrsOAIrcWADPEnEML9WA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de-de", "pMJrsOAIrcWADPEnEML9WA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de-de", "U5mhHQKIYvMC666+kpF/Lw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "Dq4oDE7bC6X7ZY06mrKiog==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de-de", "Dq4oDE7bC6X7ZY06mrKiog==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11.0.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825", "\"e6715935bc61d8502735ee5f6c368a10\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245", "\"e6715935bc61d8502735ee5f6c368a10\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=CT2319825", "\"1321973106\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2431245&octid=CT2431245", "\"1322734466\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"1e001cf3dece04c518486f09a85ba2f9\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"25e159cf149328da32047744404cb139\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"06f678f209fb37444851b5c9a29096e4\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\urflamingo\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\4zz1pslt.default\\conduitCommon\\modules\\3.16.0.3")
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_6d9a862f", "356x332");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_ef8737ec", "356x332");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
user_pref("CommunityToolbar.ToolbarsList", "CT2319825,CT2431245");
user_pref("CommunityToolbar.ToolbarsList2", "CT2319825,CT2431245");
user_pref("CommunityToolbar.ToolbarsList4", "CT2319825,CT2431245");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Feb 07 2013 22:34:09 GMT+0100");
user_pref("CommunityToolbar.globalUserId", "7e94f204-65f9-4c1d-9fe8-8ec2cda18057");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Feb 04 2013 21:53:26 GMT+0100");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Feb 07 2013 22:34:15 GMT+0100");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Feb 07 2013 22:34:08 GMT+0100");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "6ebe319b-0842-443a-8b73-7483fcdd92f6");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "foxsearch");
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "");
user_pref("extensions.BabylonToolbar_i.hardId", "70567fb10000000000000016ea79b5bc");
user_pref("extensions.BabylonToolbar_i.id", "70567fb10000000000000016ea79b5bc");
user_pref("extensions.BabylonToolbar_i.instlDay", "15452");
user_pref("extensions.BabylonToolbar_i.instlRef", "std");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_def");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "def");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1713:57:20");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.crossriderapp21810.adsOldValue", -1);
user_pref("extensions.seoquake.params.370.icon", "AAABAAEAEBAAAAAAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD///8B////Af///wHp6en/ubm5/4ODg/+JiYn/YmJi/
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
Emptied folder: C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\minidumps [68 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\urflamingo\appdata\local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\defdhglnppeioeflggkmglipcecffkhk
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.02.2013 at 22:54:24,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

And here is Adw Cleaner No. 1:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.111 - Datei am 07/02/2013 um 23:39:02 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : urflamingo - MM-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\urflamingo\Downloads\adwcleaner (1).exe
# Option [Suche]
 
 
**** [Dienste] ****
 
 
***** [Dateien / Ordner] *****
 
Ordner Gefunden : C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe
 
***** [Registrierungsdatenbank] *****
 
 
***** [Internet Browser] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[OK] Die Registrierungsdatenbank ist sauber.
 
-\\ Mozilla Firefox v18.0.2 (de)
 
Datei : C:\Users\urflamingo\AppData\Roaming\Mozilla\Firefox\Profiles\4zz1pslt.default\prefs.js
 
[OK] Die Datei ist sauber.
 
-\\ Google Chrome v24.0.1312.57
 
Datei : C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Die Datei ist sauber.
 
-\\ Opera v11.10.2092.0
 
Datei : C:\Users\urflamingo\AppData\Roaming\Opera\Opera\operaprefs.ini
 
[OK] Die Datei ist sauber.
 
*************************
 
AdwCleaner[R1].txt - [1203 octets] - [07/02/2013 23:39:02]
AdwCleaner[S1].txt - [39785 octets] - [07/02/2013 23:29:30]
 
########## EOF - C:\AdwCleaner[R1].txt - [1324 octets] ##########
         
--- --- ---


And here is Adw Cleaner No. 2:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.111 - Datei am 07/02/2013 um 23:50:00 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : urflamingo - MM-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\urflamingo\Downloads\adwcleaner (1).exe
# Option [Suche]
 
 
**** [Dienste] ****
 
 
***** [Dateien / Ordner] *****
 
 
***** [Registrierungsdatenbank] *****
 
 
***** [Internet Browser] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[OK] Die Registrierungsdatenbank ist sauber.
 
-\\ Mozilla Firefox v18.0.2 (de)
 
Datei : C:\Users\urflamingo\AppData\Roaming\Mozilla\Firefox\Profiles\4zz1pslt.default\prefs.js
 
[OK] Die Datei ist sauber.
 
-\\ Google Chrome v24.0.1312.57
 
Datei : C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Die Datei ist sauber.
 
-\\ Opera v11.10.2092.0
 
Datei : C:\Users\urflamingo\AppData\Roaming\Opera\Opera\operaprefs.ini
 
[OK] Die Datei ist sauber.
 
*************************
 
AdwCleaner[R1].txt - [1393 octets] - [07/02/2013 23:39:02]
AdwCleaner[R2].txt - [1134 octets] - [07/02/2013 23:50:00]
AdwCleaner[S1].txt - [39785 octets] - [07/02/2013 23:29:30]
AdwCleaner[S2].txt - [1455 octets] - [07/02/2013 23:41:47]
 
########## EOF - C:\AdwCleaner[R2].txt - [1315 octets] ##########
         
--- --- ---

I did not carry out step 3, because it is supposed to be run only on explicit instruction.

With grateful regards

Urflamingo

Hello Matthias,

I had initially misunderstood the part about step 3. Of course Combofix was requested by you. I installed Combofix and ran it. I was a little puzzled that Combofix kept telling me that McAfee Antivirus + Spyware was enabled, although both the scans and the firewall were deactivated.

Afterwards Combofix triggered an automatic restart, after which Windows hung again at the usual place (the welcome screen).

Here is the Combofix log file:

Combofix logfile:
Code:
ComboFix 13-02-07.02 - urflamingo 08.02.2013  14:11:16.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2043 [GMT 1:00]
ausgeführt von:: c:\users\urflamingo\Downloads\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
 ADS - Windows: deleted 128 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\1993A8905C.sys
c:\users\urflamingo\AppData\Local\404.php
c:\users\urflamingo\AppData\Local\assembly\tmp
c:\users\urflamingo\AppData\Local\fvtledlc.exe
c:\users\urflamingo\AppData\Local\LICENSE.TXT
c:\users\urflamingo\AppData\Roaming\1&1
c:\users\urflamingo\AppData\Roaming\1&1\1&1 EasyLogin\customer.xml
c:\users\urflamingo\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log
c:\users\urflamingo\AppData\Roaming\1&1\1&1 EasyLogin\update\EasyLogin_setup_DE.exe
c:\users\urflamingo\g2mdlhlpx.exe
c:\users\urflamingo\Media
c:\users\urflamingo\Media\cache\headway.css
c:\users\urflamingo\Media\cache\images\index.html
c:\users\urflamingo\Media\cache\leafs.css
c:\users\urflamingo\Media\cache\scripts.js
c:\users\urflamingo\Media\css\breadcrumbs.css
c:\users\urflamingo\Media\css\comments.css
c:\users\urflamingo\Media\css\entries.css
c:\users\urflamingo\Media\css\footer.css
c:\users\urflamingo\Media\css\forms.css
c:\users\urflamingo\Media\css\global.css
c:\users\urflamingo\Media\css\header.css
c:\users\urflamingo\Media\css\ie\ie.css
c:\users\urflamingo\Media\css\ie\ie6.css
c:\users\urflamingo\Media\css\ie\ie7.css
c:\users\urflamingo\Media\css\leafs.css
c:\users\urflamingo\Media\css\misc\bare-elements.css
c:\users\urflamingo\Media\css\misc\print.css
c:\users\urflamingo\Media\css\navigation.css
c:\users\urflamingo\Media\css\plugins.css
c:\users\urflamingo\Media\css\specific-leafs.css
c:\users\urflamingo\Media\css\widgets.css
c:\users\urflamingo\Media\css\wrapper.css
c:\users\urflamingo\Media\images\blockquote.gif
c:\users\urflamingo\Media\images\email.gif
c:\users\urflamingo\Media\images\rss.gif
c:\users\urflamingo\Media\images\social\facebook.png
c:\users\urflamingo\Media\images\social\feed.png
c:\users\urflamingo\Media\images\social\friendfeed.png
c:\users\urflamingo\Media\images\social\linkedin.png
c:\users\urflamingo\Media\images\social\stumbleupon.png
c:\users\urflamingo\Media\images\social\twitter.png
c:\users\urflamingo\Media\images\social\vimeo.png
c:\users\urflamingo\Media\images\social\youtube.png
c:\users\urflamingo\Media\index.php
c:\users\urflamingo\Media\js\equal-columns.js
c:\users\urflamingo\Media\js\ie6.js
c:\users\urflamingo\Media\js\libraries\jquery.cycle.js
c:\users\urflamingo\Media\js\libraries\unitpngfix\clear.gif
c:\users\urflamingo\Media\js\libraries\unitpngfix\unitpngfix.js
c:\windows\Hook.dll
c:\windows\system32\drivers\tcpip.copy
c:\windows\system32\spool\prtprocs\w32x86\ActPrint.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-08 bis 2013-02-08  ))))))))))))))))))))))))))))))
.
.
2013-02-08 13:21 . 2013-02-08 13:33	--------	d-----w-	c:\users\urflamingo\AppData\Local\temp
2013-02-08 13:21 . 2013-02-08 13:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-07 22:06 . 2013-02-07 22:06	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-07 21:50 . 2013-02-07 21:50	--------	d-----w-	c:\windows\ERUNT
2013-02-07 21:48 . 2013-02-07 21:48	--------	dc----w-	C:\JRT
2013-02-06 23:21 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-06 20:56 . 2013-02-06 20:56	--------	d-----w-	c:\users\urflamingo\AppData\Roaming\Malwarebytes
2013-02-06 20:56 . 2013-02-06 20:56	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-06 20:56 . 2013-02-06 23:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-05 17:10 . 2013-02-05 17:11	--------	d-----w-	c:\users\urflamingo\AppData\Roaming\vlc
2013-02-05 17:08 . 2013-02-05 17:08	--------	d-----w-	c:\program files\VideoLAN
2013-02-03 11:05 . 2013-02-03 11:04	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-30 22:42 . 2013-01-30 22:42	--------	d-----w-	c:\program files\CdCoverCreator
2013-01-30 22:18 . 2013-01-30 22:18	--------	d-----w-	c:\users\urflamingo\AppData\Roaming\DSite
2013-01-30 15:25 . 2013-01-30 15:25	--------	d-----w-	c:\users\urflamingo\Corel
2013-01-30 15:18 . 2010-11-16 15:24	13880	----a-w-	c:\windows\system32\drivers\regi.sys
2013-01-28 18:04 . 2013-01-30 18:29	31576	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2013-01-28 18:03 . 2013-01-28 18:03	--------	d--h--w-	c:\programdata\Common Files
2013-01-28 18:01 . 2013-01-28 18:01	--------	d-----w-	c:\program files\Common Files\Nero
2013-01-28 18:00 . 2013-01-28 18:03	--------	d-----w-	c:\programdata\Nero
2013-01-28 17:57 . 2013-01-28 18:03	--------	d-----w-	c:\program files\Nero
2013-01-19 00:30 . 2013-01-19 00:30	--------	d-----w-	c:\program files\Miracle Squeeze Page Builder
2013-01-19 00:23 . 2013-01-19 00:23	--------	d-----w-	c:\program files\PinDetective
2013-01-19 00:13 . 2013-01-19 00:13	--------	d-----w-	c:\program files\PinAutomation - Affiliate Robot
2013-01-18 00:40 . 2013-01-18 00:40	--------	d-----w-	c:\program files\Citrix
2013-01-13 23:34 . 2010-02-02 11:30	331136	----a-w-	c:\windows\EMVUn.EXE
2013-01-13 23:34 . 2013-01-13 23:34	--------	d-----w-	c:\program files\E-MailVerifier
2013-01-13 23:33 . 2013-01-13 23:33	--------	d-----w-	c:\users\urflamingo\AppData\Roaming\SuperMailer
2013-01-13 23:33 . 2010-03-17 09:45	331136	----a-w-	c:\windows\SMUn.EXE
2013-01-13 23:33 . 2013-01-13 23:33	--------	d-----w-	c:\program files\SuperMailer
2013-01-13 17:05 . 2013-01-13 17:05	--------	d-----w-	c:\users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-01-13 17:03 . 2013-01-13 17:03	--------	d-----w-	c:\program files\Market Samurai
2013-01-09 22:52 . 2013-01-09 22:52	--------	dc----w-	C:\Betriebssystem
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 11:04 . 2012-11-06 15:51	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-03 11:04 . 2011-07-11 10:52	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-08 23:33 . 2012-07-31 12:10	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:33 . 2011-08-09 09:59	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-31 11:31 . 2012-12-31 11:31	170752	----a-w-	c:\windows\system32\drivers\snapman.sys
2012-12-31 11:31 . 2012-12-31 11:31	76768	----a-w-	c:\windows\system32\drivers\fltsrv.sys
2012-12-16 13:12 . 2012-12-22 13:23	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 13:23	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-11-23 01:35 . 2013-01-09 12:53	2048000	----a-w-	c:\windows\system32\win32k.sys
2012-11-20 04:22 . 2013-01-09 12:51	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-14 02:09 . 2012-12-13 11:10	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 11:10	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 11:10	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 11:10	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 11:10	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 11:10	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29	354216	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 01:29 . 2012-12-12 11:24	2048	----a-w-	c:\windows\system32\tzres.dll
2013-02-06 17:54 . 2013-02-06 17:51	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{a938761b-202b-4828-87e4-f21fec37d02d}]
2011-12-07 13:47	92040	----a-w-	c:\program files\PDF Suite 2012\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11aa5c56-b4e2-4b8f-803a-d340415532f3}"= "c:\program files\PDF Suite 2012\PDFIEPlugin.dll" [2011-12-07 750472]
.
[HKEY_CLASSES_ROOT\clsid\{11aa5c56-b4e2-4b8f-803a-d340415532f3}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{99e9d44c-f699-4ab3-8f4b-46dd12e9a9f6}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\urflamingo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\urflamingo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\urflamingo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11	2872120	----a-w-	c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11	2872120	----a-w-	c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11	2872120	----a-w-	c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SMASH"="c:\program files\SoftMaker Office Professional 2012 (Trial)\smash.exe" [2012-05-07 233507]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DriverScanner"="c:\progra~1\Uniblue\DRIVER~1\launcher.exe" [2011-10-20 338296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~2\TrayServer.exe" [2008-08-07 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"CorelCreatorClient"="c:\program files\Corel\Corel PDF Fusion\CorelCreatorClient.exe" [2012-04-25 667648]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\urflamingo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-09-09 02:16	3197952	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24	567560	----a-w-	c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\Acer\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backupExtension=.CommonStartup
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dimdim.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dimdim.lnk
backupExtension=.CommonStartup
backup=c:\windows\pss\Dimdim.lnk.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^urflamingo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backupExtension=.Startup
backup=c:\windows\pss\Orion.lnk.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1&1 EasyLogin]
2010-12-29 07:58	1111040	----a-w-	c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-07-24 13:54	147456	------w-	c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-12-27 23:02	1454080	----a-r-	c:\program files\avmwlanstick\WLanGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 19:36	28672	----a-w-	c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-24 13:54	167936	------w-	c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-05-30 10:24	544768	----a-w-	c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-14 15:05	526896	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-08-01 07:51	405504	----a-w-	c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-07-20 09:45	182808	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-06-04 12:03	817672	----a-w-	c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-07-18 16:23	13543968	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-07-18 16:23	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56	200704	----a-w-	c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2010-02-05 12:48	884740	----a-w-	c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-07 08:19	6139904	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
2009-11-25 17:50	2011205	----a-w-	c:\program files\Software Informer\softinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-25 02:08	1049896	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03	303104	----a-w-	c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2008-09-09 02:15	3676160	----a-w-	c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPService	REG_MULTI_SZ   	HPSLPSVC
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 17:14	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 23:33]
.
2013-02-07 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-12-26 12:43]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:17]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:17]
.
2013-02-06 c:\windows\Tasks\next.job
- c:\programdata\Dimdim\Updater\next.exe [2010-09-15 13:52]
.
2013-02-06 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2013-01-30 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = fritz.box;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\urflamingo\AppData\Roaming\Mozilla\Firefox\Profiles\4zz1pslt.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - ExtSQL: !HIDDEN! 2009-09-02 10:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-09-30 14:14; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2010-02-21 23:42; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
.
------- Dateityp-Verknüpfung -------
.
.txt=UltraEdit.txt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
HKLM-Run-PrintDisp - c:\windows\system32\PrintDisp.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-1und1 Update - c:\program files\1&1\LiveUpdate\m2LUTray.exe
MSConfigStartUp-Getdo - c:\users\urflamingo\AppData\Roaming\Adobe\Update\flacor.dat
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-oxgoqy - c:\users\urflamingo\appdata\local\oxgoqy.exe
MSConfigStartUp-PDFPrint - c:\program files\pdf24\pdf24.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-VIP Organizer - c:\program files\VIP Quality Software\VIP Organizer\VIP Organizer.exe
MSConfigStartUp-{AE5F6803-1805-7315-39B0-CB7BBC8EC0CA} - c:\users\urflamingo\AppData\Roaming\Duybci\maeco.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-08 14:32
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3339244594-544626258-3807575601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*5*0*¬ \OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1764)
c:\users\urflamingo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\mfevtps.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\McAfee\MAT\McPvTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-08  14:40:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-08 13:40
.
Vor Suchlauf: 18 Verzeichnis(se), 36.774.187.008 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 38.477.262.848 Bytes frei
.
- - End Of File - - ECBB9F2468A47F066340B53B3CFB1ECA
         
--- --- ---


With grateful regards and the hope of a positive outcome

Urflamingo

Hello, success No. 1 is here! The ad insertions no longer appear. This swamp seems to have been drained.

Now it would be great if we could also get the notebook running in normal mode again.

Regards, urflamingo

08.02.2013, 17:17   #4
M-K-D-B
/// TB trainer
 

Hello,

I'm glad that the ad links are gone, for a start.

Please run OTL in safe mode:

  • Please start OTL.exe.
  • At the top you will find a box labeled Output. Please select Standard Output.
  • Tick the box next to Scan All Users.
  • Now copy the contents of the code box into the text box.
Code:
c:\users\urflamingo\AppData\Roaming\*.
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 1 log file is created.
  • Now copy the contents of OTL.txt here into your thread.

08.02.2013, 18:39   #5
urflamingo
 



Hello Matthias,

thank you very much for your quick responses. That is really great!
Here are the contents of the logfile OTLneu.txt: OTL logfile:
Code:
OTL logfile created on: 08.02.2013 18:10:54 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\urflamingo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 76,57% Memory free
10,67 Gb Paging File | 10,18 Gb Available in Paging File | 95,34% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4597 4597 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 35,78 Gb Free Space | 24,84% Space Free | Partition Type: NTFS
Drive D: | 178,85 Gb Total Space | 100,95 Gb Free Space | 56,44% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 86,21 Gb Free Space | 61,36% Space Free | Partition Type: NTFS
Drive H: | 59,65 Gb Total Space | 55,37 Gb Free Space | 92,83% Space Free | Partition Type: NTFS
Drive I: | 3,69 Gb Total Space | 3,23 Gb Free Space | 87,60% Space Free | Partition Type: FAT32
Drive J: | 59,58 Gb Total Space | 59,49 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: MM-PC | User Name: urflamingo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.07 14:19:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\urflamingo\Downloads\OTL.exe
PRC - [2012.11.09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012.11.09 06:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012.09.12 12:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012.09.10 21:08:30 | 000,513,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
PRC - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.11 16:31:19 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c7d8599466a6a2a62641149253082cf4\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
MOD - [2013.01.11 16:28:39 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\be7e9d179601b68d944bca0774562154\CustomMarshalers.ni.dll
MOD - [2013.01.10 23:30:24 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\d8790cade73bde092e1a268821f6c650\stdole.ni.dll
MOD - [2013.01.10 19:39:15 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll
MOD - [2013.01.10 19:29:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.10 19:02:34 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
MOD - [2013.01.10 18:52:25 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 18:28:17 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 18:27:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.12.13 12:48:28 | 000,662,120 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
MOD - [2012.12.12 23:31:10 | 000,180,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll
MOD - [2012.12.12 23:31:10 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll
MOD - [2012.10.05 11:59:08 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.10.05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.10.05 11:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009.03.30 05:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.30 05:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 05:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2008.10.09 13:10:12 | 000,226,656 | ---- | M] () -- C:\Windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\office.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013.02.06 18:54:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 00:33:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.16 21:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.11.09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012.11.09 06:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012.11.09 06:48:10 | 000,203,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.04.25 10:45:20 | 000,073,728 | ---- | M] (Global Graphics Software Ltd) [On_Demand | Stopped] -- C:\Windows\System32\CorelCreatorMessages.exe -- (CorelCreatorMessages)
SRV - [2012.03.02 09:49:04 | 000,032,256 | ---- | M] (CloudBerry Lab Inc.) [Auto | Stopped] -- C:\Program Files\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe -- (CloudBerry Backup Service)
SRV - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.07 14:47:40 | 000,886,664 | ---- | M] (Interactive Brands Inc.) [Auto | Stopped] -- C:\Program Files\PDF Suite 2012\ConversionService.exe -- (PDF Suite 2012 Service)
SRV - [2011.12.07 14:47:32 | 000,813,960 | ---- | M] (Interactive Brands Inc.) [On_Demand | Stopped] -- C:\Program Files\PDF Suite 2012\HelperService.exe -- (PDF Suite 2012 Helper Service)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.10.20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010.04.13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008.09.09 03:15:52 | 003,602,432 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.07.20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.06.02 08:25:40 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 16:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\URFLAM~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013.01.30 19:29:34 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.12.31 12:31:43 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.09 06:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012.11.09 06:53:32 | 000,210,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012.11.09 06:52:12 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012.11.09 06:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012.11.09 06:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012.11.09 06:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012.11.09 06:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012.11.09 06:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012.09.14 16:26:32 | 000,064,832 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2012.04.20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010.11.16 16:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2010.04.13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009.06.22 20:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.22 19:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.03.28 14:38:00 | 000,034,128 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.09.09 03:15:48 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.07.18 17:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.18 15:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.06.25 06:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.19 17:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.05.05 02:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.10.18 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.03.28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.12.28 00:02:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE295DE296
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{8DF2838F-9A1E-49C0-B00E-DC8CC7617363}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{967A10CF-F7FE-44E6-A6FF-2D82A45CB247}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{A6C933D4-11C0-4AD0-8DEA-83C05F3BCD0C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\SearchScopes\{F598805B-AFDB-41A7-8FFD-1CE006901343}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: finder%40meingutscheincode.de:3.0.3
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.7
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0
FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:14.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@dimdim.com/DimdimPlugin: C:\Program Files\Dimdim\Plugin\Application\npDimDimControl.dll (Dimdim, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.09.30 13:14:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.21 23:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.04.08 15:31:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFConverter2012@ib.com: C:\Program Files\PDF Suite 2012\firefoxextension2012 [2012.01.19 18:05:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.12.13 23:19:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013.02.07 01:03:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.07 16:59:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 18:54:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 22:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.11.29 12:56:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.09.30 13:14:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 18:54:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 22:42:35 | 000,000,000 | ---D | M]
 
[2010.10.25 11:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Extensions
[2010.10.25 11:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013.02.07 23:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions
[2010.04.28 10:06:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.14 17:09:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013.01.29 16:13:30 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012.08.01 15:04:23 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.07.23 10:39:00 | 000,000,000 | ---D | M] (FireFox accelerator) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\{E78313ED-E64C-451B-9B5F-8A66A8D08A64}
[2010.09.14 20:58:58 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\firefox@tvunetworks.com
[2010.11.12 17:43:05 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\support@predictad.com
[2011.10.16 22:59:03 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\extensions\finder@meingutscheincode.de.xpi
[2012.12.13 14:31:30 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\extensions\firebug@software.joehewitt.com.xpi
[2011.10.16 22:59:41 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012.09.10 14:32:17 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\urflamingo\AppData\Roaming\mozilla\firefox\profiles\4zz1pslt.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013.02.06 18:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.07 01:03:18 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.12.13 23:19:46 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2013.02.06 18:54:42 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2012.07.05 13:55:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.10 14:04:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.05 13:55:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.11 09:33:29 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.07.05 13:55:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.18 13:49:37 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.07.05 13:55:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.05 13:55:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Dimdim NPRuntime Plugin for Netscape browsers (Enabled) = C:\Program Files\Dimdim\Plugin\Application\npDimDimControl.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SiteAdvisor = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\urflamingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.02.08 14:32:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120702145158.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (PDF Suite 2012 Helper) - {a938761b-202b-4828-87e4-f21fec37d02d} - C:\Program Files\PDF Suite 2012\PDFIEHelper.dll (Interactive Brands Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PDF Suite 2012 Toolbar) - {11aa5c56-b4e2-4b8f-803a-d340415532f3} - C:\Program Files\PDF Suite 2012\PDFIEPlugin.dll (Interactive Brands Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CorelCreatorClient] C:\Program Files\Corel\Corel PDF Fusion\CorelCreatorClient.exe (Global Graphics Software Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_15_Plus\Trayserver.exe (MAGIX AG)
O4 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\Launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000..\Run: [SMASH] C:\Program Files\SoftMaker Office Professional 2012 (Trial)\smash.exe (SoftMaker Software GmbH)
O4 - Startup: C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\urflamingo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09B45471-8CDB-459E-84D6-40A2D15A253E}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F56A700-1388-464F-B01B-632C2938717E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{463FB10B-4FC8-44CD-824A-096C81AA3247}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4C48850-96A6-48A4-B659-90FD593E694E}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD4F4B37-B879-4A13-9722-9E613DE9BE89}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\urflamingo\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\urflamingo\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3339244594-544626258-3807575601-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dimdim.lnk - C:\Program Files\Dimdim\Plugin\Application\Dimdim.exe - ()
MsConfig - StartUpFolder: C:^Users^urflamingo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk -  - File not found
MsConfig - StartUpReg: 1&1 EasyLogin - hkey= - key= - C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe ()
MsConfig - StartUpReg: Recordpad - hkey= - key= - C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe (NCH Software)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Software Informer - hkey= - key= - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
MsConfig - StartUpReg: ZPdtWzdVitaKey MC3000 - hkey= - key= - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
 
Drivers32: msacm.dvacm_vspx5 - c:\Program Files\Corel\Corel VideoStudio Ultimate X5\Common Files\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.pDAD - C:\Windows\System32\prodad-codec.dll (proDAD GmbH)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET|COMMAND /RS HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET|COMMAND /64 /RS CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.08 14:40:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.08 14:40:22 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Local\temp
[2013.02.08 14:32:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.08 13:54:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.08 13:54:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.08 13:54:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.08 13:43:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.08 13:42:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.07 23:06:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.07 22:50:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.07 22:48:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.07 00:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.07 00:21:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.06 21:56:49 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Malwarebytes
[2013.02.06 21:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.06 21:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.06 18:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.05 18:10:27 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\vlc
[2013.02.05 18:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.05 18:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.02.03 12:05:42 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 12:05:07 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 12:05:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 12:05:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.31 17:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.30 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CdCoverCreator
[2013.01.30 23:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CdCoverCreator
[2013.01.30 23:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\CdCoverCreator
[2013.01.30 23:18:57 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
[2013.01.30 23:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
[2013.01.30 23:18:50 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\DSite
[2013.01.30 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Corel
[2013.01.30 16:18:35 | 000,013,880 | ---- | C] (InterVideo) -- C:\Windows\System32\drivers\regi.sys
[2013.01.28 19:05:51 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\Nero
[2013.01.28 19:04:25 | 000,031,576 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.01.28 19:03:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.28 19:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013.01.28 19:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.01.28 19:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.01.28 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2013.01.22 21:21:49 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\Recordpad
[2013.01.19 01:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miracle Squeeze Page Builder
[2013.01.19 01:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Miracle Squeeze Page Builder
[2013.01.19 01:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\PinDetective
[2013.01.19 01:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\PinAutomation - Affiliate Robot
[2013.01.18 16:28:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus
[2013.01.18 01:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013.01.17 16:33:51 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\MAGIX Speed
[2013.01.17 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\MAGIX Downloads
[2013.01.17 15:50:01 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\Documents\Corel MotionStudio 3D
[2013.01.14 00:34:52 | 000,331,136 | ---- | C] (Mirko Böer) -- C:\Windows\EMVUn.EXE
[2013.01.14 00:34:51 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\E-MailVerifier
[2013.01.14 00:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\E-MailVerifier
[2013.01.14 00:33:38 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\SuperMailer
[2013.01.14 00:33:15 | 000,331,136 | ---- | C] (Mirko Böer) -- C:\Windows\SMUn.EXE
[2013.01.14 00:33:14 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMailer
[2013.01.14 00:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\SuperMailer
[2013.01.13 18:05:27 | 000,000,000 | ---D | C] -- C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2013.01.13 18:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2013.01.09 23:52:42 | 000,000,000 | ---D | C] -- C:\Betriebssystem
[2010.12.10 23:56:46 | 000,475,704 | ---- | C] (NCH Software) -- C:\ProgramData\prismsetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.08 18:05:02 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013.02.08 17:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.08 15:24:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 15:24:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.02.08 15:24:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 15:24:17 | 000,143,914 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.02.08 14:32:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.07 23:43:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.07 23:32:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.07 21:25:07 | 000,634,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.07 21:08:47 | 000,073,728 | ---- | M] () -- C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.07 16:14:03 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.02.07 14:14:58 | 000,000,000 | ---- | M] () -- C:\Users\urflamingo\defogger_reenable
[2013.02.07 00:22:14 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.06 23:37:25 | 000,705,482 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.06 23:37:25 | 000,661,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.06 23:37:25 | 000,159,046 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.06 23:37:25 | 000,130,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.06 22:19:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.06 18:00:04 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\next.job
[2013.02.06 18:00:03 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2013.02.05 18:09:08 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.03 12:04:37 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.03 12:04:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.03 12:04:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.03 12:04:36 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.03 12:04:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.03 12:04:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.03 11:56:35 | 000,000,960 | ---- | M] () -- C:\Users\urflamingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.03 11:56:22 | 000,000,938 | ---- | M] () -- C:\Users\urflamingo\Desktop\Dropbox.lnk
[2013.02.03 11:55:15 | 000,047,104 | ---- | M] () -- C:\Users\urflamingo\AppData\Local\WebpageIcons.db
[2013.01.31 17:39:18 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.31 17:39:18 | 000,001,875 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.31 00:37:30 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000ED4.LCS
[2013.01.30 23:42:10 | 000,000,840 | ---- | M] () -- C:\Users\urflamingo\Desktop\CdCoverCreator.lnk
[2013.01.30 23:18:59 | 000,000,756 | ---- | M] () -- C:\Users\urflamingo\Desktop\MiPony.lnk
[2013.01.30 19:29:34 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.01.30 16:19:19 | 000,000,040 | -H-- | M] () -- C:\Windows\System32\ivireg.ivr
[2013.01.30 16:18:50 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk
[2013.01.30 12:38:44 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2013.01.19 01:42:19 | 000,000,206 | ---- | M] () -- C:\Windows\EurekaLog.ini
[2013.01.19 01:30:45 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk
[2013.01.19 01:23:01 | 000,000,841 | ---- | M] () -- C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk
[2013.01.19 01:13:09 | 000,001,069 | ---- | M] () -- C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk
[2013.01.18 14:56:31 | 000,000,970 | ---- | M] () -- C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk
[2013.01.17 18:36:47 | 000,029,053 | ---- | M] () -- C:\Users\urflamingo\Documents\Versuch1.ffd
[2013.01.17 16:34:34 | 000,000,046 | ---- | M] () -- C:\Windows\Speed.INI
[2013.01.17 15:50:01 | 000,000,024 | ---- | M] () -- C:\Windows\System32\DKRNL.JAX
[2013.01.16 16:18:43 | 000,007,592 | ---- | M] () -- C:\Users\urflamingo\AppData\Local\d3d9caps.dat
[2013.01.14 23:37:49 | 000,024,576 | ---- | M] () -- C:\Users\urflamingo\Documents\verguetungssysteme.dsam
[2013.01.14 23:23:40 | 000,322,760 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2013.01.14 13:43:56 | 000,143,914 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.01.14 00:34:52 | 000,002,269 | R--- | M] () -- C:\Windows\E-MailVerifier_Uninstall.in
[2013.01.14 00:34:52 | 000,000,715 | ---- | M] () -- C:\Users\urflamingo\Desktop\E-MailVerifier.lnk
[2013.01.14 00:33:15 | 000,003,306 | R--- | M] () -- C:\Windows\SuperMailer_Uninstall.in
[2013.01.14 00:33:15 | 000,000,695 | ---- | M] () -- C:\Users\urflamingo\Desktop\SuperMailer.lnk
[2013.01.13 18:04:09 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.08 13:54:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.08 13:54:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.08 13:54:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.08 13:54:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.08 13:54:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.07 14:14:58 | 000,000,000 | ---- | C] () -- C:\Users\urflamingo\defogger_reenable
[2013.02.07 00:22:14 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 18:09:08 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.31 17:39:18 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.30 23:42:10 | 000,000,840 | ---- | C] () -- C:\Users\urflamingo\Desktop\CdCoverCreator.lnk
[2013.01.30 23:18:59 | 000,000,756 | ---- | C] () -- C:\Users\urflamingo\Desktop\MiPony.lnk
[2013.01.30 16:19:10 | 000,000,040 | -H-- | C] () -- C:\Windows\System32\ivireg.ivr
[2013.01.30 16:18:50 | 000,001,746 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel WinDVD Pro 11.lnk
[2013.01.30 16:18:50 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk
[2013.01.19 01:30:45 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk
[2013.01.19 01:23:01 | 000,000,841 | ---- | C] () -- C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk
[2013.01.19 01:13:09 | 000,001,069 | ---- | C] () -- C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk
[2013.01.18 14:56:31 | 000,000,970 | ---- | C] () -- C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk
[2013.01.17 18:36:46 | 000,029,053 | ---- | C] () -- C:\Users\urflamingo\Documents\Versuch1.ffd
[2013.01.17 16:33:51 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI
[2013.01.17 15:50:01 | 000,000,024 | ---- | C] () -- C:\Windows\System32\DKRNL.JAX
[2013.01.14 23:21:59 | 000,024,576 | ---- | C] () -- C:\Users\urflamingo\Documents\verguetungssysteme.dsam
[2013.01.14 00:34:52 | 000,002,269 | R--- | C] () -- C:\Windows\E-MailVerifier_Uninstall.in
[2013.01.14 00:34:52 | 000,000,715 | ---- | C] () -- C:\Users\urflamingo\Desktop\E-MailVerifier.lnk
[2013.01.14 00:33:15 | 000,003,306 | R--- | C] () -- C:\Windows\SuperMailer_Uninstall.in
[2013.01.14 00:33:15 | 000,000,695 | ---- | C] () -- C:\Users\urflamingo\Desktop\SuperMailer.lnk
[2013.01.13 18:04:09 | 000,000,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2013.01.13 18:04:08 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2013.01.03 01:04:36 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll
[2013.01.03 01:04:36 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.4.ini
[2012.04.25 10:46:18 | 000,126,976 | ---- | C] () -- C:\Windows\System32\corelcreatorpm.dll
[2012.04.25 10:45:22 | 000,010,240 | ---- | C] () -- C:\Windows\System32\CorelCreatorMessagesPS.dll
[2012.04.06 16:11:27 | 000,035,451 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\snippets.html
[2012.04.06 16:11:27 | 000,030,634 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\style.css
[2012.04.06 16:11:27 | 000,003,421 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\single.php
[2012.04.06 16:11:27 | 000,001,066 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\tag.php
[2012.04.06 16:11:27 | 000,000,893 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\wvr-settings.php
[2012.04.06 16:11:27 | 000,000,738 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\wvr-admin-style.css
[2012.04.06 16:11:26 | 000,029,025 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\screenshot.png
[2012.04.06 16:11:26 | 000,004,629 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\rtl.css
[2012.04.06 16:11:26 | 000,001,900 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page.php
[2012.04.06 16:11:26 | 000,001,802 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sidebar-footer.php
[2012.04.06 16:11:26 | 000,001,702 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sidebar.php
[2012.04.06 16:11:26 | 000,001,507 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\search.php
[2012.04.06 16:11:26 | 000,000,522 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-wrapperonly.php
[2012.04.06 16:11:26 | 000,000,493 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sidebar-altright.php
[2012.04.06 16:11:26 | 000,000,490 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sidebar-altleft.php
[2012.04.06 16:11:25 | 000,002,843 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-sitemap.php
[2012.04.06 16:11:25 | 000,002,710 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts-excerpt2col.php
[2012.04.06 16:11:25 | 000,002,498 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts-title2col.php
[2012.04.06 16:11:25 | 000,002,495 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts-excerpt.php
[2012.04.06 16:11:25 | 000,002,485 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts2col.php
[2012.04.06 16:11:25 | 000,002,484 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts-title.php
[2012.04.06 16:11:25 | 000,002,473 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-posts.php
[2012.04.06 16:11:25 | 000,001,554 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-onecolumniframe.php
[2012.04.06 16:11:24 | 000,003,797 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\loop.php
[2012.04.06 16:11:24 | 000,001,796 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-multicolcontent.php
[2012.04.06 16:11:24 | 000,001,793 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-altright.php
[2012.04.06 16:11:24 | 000,001,779 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-altleft.php
[2012.04.06 16:11:24 | 000,001,736 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\page-customheader.php
[2012.04.06 16:11:24 | 000,001,453 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\onecolumn-page.php
[2012.04.06 16:11:23 | 000,004,568 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\loop-twocol.php
[2012.04.06 16:11:23 | 000,004,149 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\loop-pwp.php
[2012.04.06 16:11:23 | 000,001,380 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\index.php
[2012.04.06 16:11:22 | 000,092,084 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\help.html
[2012.04.06 16:11:22 | 000,044,722 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\functions.php
[2012.04.06 16:11:22 | 000,010,354 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\header.php
[2012.04.06 16:11:22 | 000,007,629 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\header-custom.php
[2012.04.06 16:11:22 | 000,001,227 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\gallery.php
[2012.04.06 16:11:21 | 000,020,595 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\css-help.html
[2012.04.06 16:11:21 | 000,003,862 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\editor-style.css
[2012.04.06 16:11:21 | 000,003,070 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\comments.php
[2012.04.06 16:11:21 | 000,001,971 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\footer.php
[2012.04.06 16:11:21 | 000,000,765 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\editor-style-rtl.css
[2012.04.06 16:11:20 | 000,004,094 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\attachment.php
[2012.04.06 16:11:20 | 000,002,380 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\author.php
[2012.04.06 16:11:20 | 000,001,361 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\category.php
[2012.04.06 16:11:19 | 000,002,084 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\archive.php
[2012.03.29 12:47:01 | 004,191,424 | ---- | C] () -- C:\Windows\ConferenceRS.exe
[2012.03.23 19:49:26 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.01.02 23:38:30 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.12.29 17:16:26 | 000,049,559 | ---- | C] () -- C:\Users\urflamingo\hotelreservierung.de.htm
[2011.12.27 13:00:57 | 000,000,021 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\mc.pixel.data
[2011.12.21 00:47:45 | 000,002,826 | ---- | C] () -- C:\Users\urflamingo\.recently-used.xbel
[2011.10.01 11:36:14 | 000,000,095 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\sgkpbhtr.bat
[2011.06.15 21:48:18 | 000,004,280 | ---- | C] () -- C:\Users\urflamingo\UST Erklärung 2009.elfo
[2011.02.02 12:34:36 | 000,000,000 | ---- | C] () -- C:\Users\urflamingo\.gtk-bookmarks
[2011.02.02 11:52:59 | 000,753,388 | ---- | C] () -- C:\Users\urflamingo\.fonts.cache-1
[2011.01.25 18:56:23 | 000,413,408 | ---- | C] () -- C:\Users\urflamingo\web_developer-1.1.9-fx+sm.xpi
[2011.01.24 20:25:48 | 002,294,376 | ---- | C] () -- C:\Users\urflamingo\BlogPimp-GridEasy-Designhilfe-1.1.psd
[2011.01.10 23:45:09 | 000,000,096 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\ptvice.bat
[2011.01.10 14:23:27 | 000,023,843 | ---- | C] () -- C:\Users\urflamingo\screenshot.png
[2011.01.10 14:23:27 | 000,000,536 | ---- | C] () -- C:\Users\urflamingo\style.css
[2011.01.10 14:23:23 | 000,005,098 | ---- | C] () -- C:\Users\urflamingo\comments.php
[2011.01.10 14:23:23 | 000,000,360 | ---- | C] () -- C:\Users\urflamingo\custom.css
[2011.01.10 14:23:23 | 000,000,264 | ---- | C] () -- C:\Users\urflamingo\header.php
[2011.01.10 14:23:23 | 000,000,163 | ---- | C] () -- C:\Users\urflamingo\index.php
[2011.01.10 14:23:23 | 000,000,138 | ---- | C] () -- C:\Users\urflamingo\functions.php
[2011.01.10 14:23:23 | 000,000,110 | ---- | C] () -- C:\Users\urflamingo\footer.php
[2010.12.13 23:48:17 | 000,014,882 | ---- | C] () -- C:\ProgramData\HelpGuide.html
[2010.12.13 23:48:17 | 000,004,411 | ---- | C] () -- C:\ProgramData\facebook-logo.png
[2010.12.13 23:48:17 | 000,002,137 | ---- | C] () -- C:\ProgramData\facebook-icon.png
[2010.11.21 11:15:57 | 000,023,888 | ---- | C] () -- C:\Users\urflamingo\AppData\Roaming\UserTile.png
[2010.11.07 18:47:13 | 000,086,016 | ---- | C] () -- C:\Users\urflamingo\Neugierig.camrec
[2010.10.31 16:57:46 | 002,785,494 | ---- | C] () -- C:\Users\urflamingo\.websiteauditor.properties
[2010.10.31 16:44:25 | 000,453,954 | ---- | C] () -- C:\Users\urflamingo\.linkassistant.properties
[2010.10.25 16:34:27 | 000,411,904 | ---- | C] () -- C:\Users\urflamingo\.ranktracker.properties
[2010.10.25 11:53:34 | 000,511,426 | ---- | C] () -- C:\Users\urflamingo\.spyglass.properties
[2010.06.27 19:33:37 | 000,007,592 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\d3d9caps.dat
[2010.04.13 11:20:40 | 1088,888,832 | ---- | C] () -- C:\Users\urflamingo\Cwolpersweb ME u.a..camrec
[2010.03.01 20:26:09 | 000,047,104 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\WebpageIcons.db
[2010.02.06 18:03:55 | 000,001,028 | ---- | C] () -- C:\Users\urflamingo\AppData\Roaming\WavCodec.wff
[2009.11.19 14:09:32 | 000,017,896 | ---- | C] () -- C:\Users\urflamingo\Akquisitionsseminar.pdf
[2009.09.20 09:27:40 | 000,000,132 | ---- | C] () -- C:\Users\urflamingo\AppData\Roaming\wklnhst.dat
[2009.08.31 14:13:31 | 000,000,094 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\mlrjpwnu.bat
[2009.08.13 10:31:48 | 000,143,914 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.13 08:14:50 | 000,143,914 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.04 22:22:34 | 000,073,728 | ---- | C] () -- C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< c:\users\urflamingo\AppData\Roaming\*. >
[2010.08.24 10:32:56 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Acer
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Acer GameZone Console
[2012.02.09 17:27:39 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Adobe
[2010.11.08 22:42:49 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\AnvSoft
[2010.09.30 18:27:01 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Apple Computer
[2012.12.06 18:36:36 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\APP_NAME_NON_STRING
[2010.11.30 19:41:39 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ArcSoft
[2010.03.25 17:23:51 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Artisteer
[2013.01.22 23:10:19 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Audacity
[2010.11.12 21:07:25 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Audio Record Edit Toolbox
[2009.08.17 12:09:52 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Avanquest
[2013.01.18 14:58:37 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\AVS4YOU
[2011.06.29 20:27:08 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Buhl Data Service
[2010.02.09 21:53:06 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\CD-DVD Druckerei 7
[2012.01.06 12:02:11 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\CherryPickerLive
[2010.02.11 18:18:32 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ColorSchemer
[2013.01.30 16:46:54 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Corel
[2008.10.05 20:23:29 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\CyberLink
[2011.02.10 23:13:03 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Desktop Apps
[2010.10.23 14:58:07 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\dimdim
[2012.12.26 20:40:31 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\DivX
[2010.05.05 16:24:20 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011.03.19 19:43:57 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Downloaded Installations
[2013.02.07 00:08:44 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Dropbox
[2013.01.30 23:18:50 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\DSite
[2010.10.15 20:09:48 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Duybci
[2011.12.31 18:28:17 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\DVDVideoSoft
[2010.02.15 18:25:51 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\elsterformular
[2008.10.04 17:50:10 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\eSobi
[2010.10.20 15:52:13 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\eXPert PDF 5
[2010.02.16 12:13:16 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\eXPert PDF Editor
[2012.12.13 16:08:53 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ffDiaporama
[2013.02.04 13:40:49 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\FileZilla
[2009.11.19 13:24:13 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Firelab
[2011.04.04 11:31:13 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\founder.de Website Booster
[2009.12.01 11:26:43 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\GetRightToGo
[2008.10.04 15:36:22 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Google
[2011.12.21 01:00:29 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\gtk-2.0
[2011.03.31 17:35:09 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Gutscheinmieze
[2011.03.08 22:16:22 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\HandBrake
[2009.11.18 19:40:43 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Hemera
[2009.10.07 10:10:06 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\HP
[2009.10.18 22:03:37 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\HTML Executable
[2008.10.04 15:10:48 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Identities
[2010.03.09 23:44:56 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\IDMComp
[2008.10.09 14:03:33 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\InstallShield
[2010.12.11 09:40:58 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Leawo
[2012.01.08 18:36:16 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\LogoMaker
[2008.10.04 15:11:16 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Macromedia
[2012.12.14 17:27:38 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\MAGIX
[2013.02.06 21:56:49 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Malwarebytes
[2013.01.13 18:05:27 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010.03.15 15:48:15 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\MatchWare
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Media Center Programs
[2010.12.11 02:31:51 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\mediAvatar
[2013.01.03 00:24:35 | 000,000,000 | --SD | M] -- c:\users\urflamingo\AppData\Roaming\Microsoft
[2010.11.19 02:20:14 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\mirabyte
[2008.10.13 15:50:38 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Mozilla
[2012.12.18 13:44:28 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\NCH Software
[2010.11.09 15:36:15 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\NCH Swift Sound
[2011.03.10 14:43:14 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Nitro PDF
[2011.03.05 00:26:03 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Notepad++
[2010.04.27 10:25:30 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Nvu
[2009.08.01 19:13:50 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\OpenOffice.org
[2011.04.18 11:31:46 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Opera
[2010.10.15 11:57:41 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Orqu
[2013.02.08 18:08:38 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\PDF Software
[2010.11.21 11:15:56 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\PeerNetworking
[2012.01.20 13:05:21 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\PhoenixLabs
[2013.01.03 01:08:05 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\proDAD
[2010.02.09 21:58:31 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ProtectDisc
[2010.03.11 22:56:44 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Publish Providers
[2012.12.28 22:30:51 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\QTIndexSwapper
[2010.02.05 13:49:55 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Recordpad
[2009.08.24 01:34:31 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\ScreeNet iSaver
[2010.05.06 20:14:23 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\SmartDraw
[2012.01.08 08:40:36 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\SocialMediaManager
[2012.12.14 16:11:32 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\SoftMaker
[2010.10.24 20:16:42 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Software Informer
[2010.12.28 14:54:53 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Sony
[2013.01.14 00:33:38 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\SuperMailer
[2010.04.21 16:26:01 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\TechSmith
[2009.09.20 09:27:39 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Template
[2012.12.13 21:08:08 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Titler
[2013.01.17 15:49:50 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Ulead Systems
[2012.12.26 20:39:47 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Uniblue
[2013.02.05 18:11:35 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\vlc
[2009.12.17 23:44:10 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\WinRAR
[2012.01.08 16:34:02 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\Xilisoft
[2011.01.20 10:17:32 | 000,000,000 | ---D | M] -- c:\users\urflamingo\AppData\Roaming\XnView
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Jazz on the Sea.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Capture3.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Capture2.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Capture1.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\urflamingo\Documents\Capture.wav:TOC.WMV

< End of report >
         
--- --- ---


Regards, urflamingo



09.02.2013, 11:50   #6
M-K-D-B
/// TB Trainer



Hi,

this could get a bit tricky now, because I don't see anything in the log file that could be responsible for the blockage.

Please carry out the following steps in Safe Mode:

Step 1
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

Step 2
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

Please post with your next reply
  • the log file from aswMBR,
  • the log file from TDSS Killer.

09.02.2013, 13:00   #7
urflamingo



Hello Matthias,

on the last "normal start attempt" I got one step further for the first time. After the welcome screen, the desktop background with the positioned programs opened. But that was as far as it went. The PC then froze again there.

Now for step 1
the aswMBR.txt

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-09 12:39:32
-----------------------------
12:39:32.411 OS Version: Windows 6.0.6002 Service Pack 2
12:39:32.411 Number of processors: 2 586 0x1706
12:39:32.411 ComputerName: MM-PC UserName:
12:39:33.331 Initialize success
12:41:02.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:41:02.829 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:41:02.829 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:41:02.844 Disk 1 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:41:02.891 Disk 0 MBR read successfully
12:41:02.891 Disk 0 MBR scan
12:41:02.891 Disk 0 unknown MBR code
12:41:02.907 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
12:41:02.922 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 20973568
12:41:02.938 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143872 MB offset 323055616
12:41:02.969 Disk 0 Partition 4 00 12 Compaq diag NTFS 3630 MB offset 617705472
12:41:02.985 Disk 0 scanning sectors +625139712
12:41:03.031 Disk 0 scanning C:\Windows\system32\drivers
12:41:11.346 Service scanning
12:41:30.300 Modules scanning
12:41:33.639 Disk 0 trace - called modules:
12:41:33.654 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:41:33.654 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bfd2a8]
12:41:33.670 3 CLASSPNP.SYS[8b1d28b3] -> nt!IofCallDriver -> [0x853a02d8]
12:41:33.685 5 acpi.sys[82e9c6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d71028]
12:41:33.685 Scan finished successfully
12:42:28.207 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
12:42:28.207 The log file has been saved successfully to "D:\aswMBR.txt"

And for step 2
the TDSSKiller....log.txt

12:43:38.0829 2152 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:43:39.0765 2152 ============================================================
12:43:39.0765 2152 Current date / time: 2013/02/09 12:43:39.0765
12:43:39.0765 2152 SystemInfo:
12:43:39.0765 2152
12:43:39.0765 2152 OS Version: 6.0.6002 ServicePack: 2.0
12:43:39.0765 2152 Product type: Workstation
12:43:39.0765 2152 ComputerName: MM-PC
12:43:39.0765 2152 UserName: urflamingo
12:43:39.0765 2152 Windows directory: C:\Windows
12:43:39.0765 2152 System windows directory: C:\Windows
12:43:39.0765 2152 Processor architecture: Intel x86
12:43:39.0765 2152 Number of processors: 2
12:43:39.0765 2152 Page size: 0x1000
12:43:39.0765 2152 Boot type: Safe boot with network
12:43:39.0765 2152 ============================================================
12:43:40.0326 2152 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:43:40.0685 2152 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:43:40.0732 2152 Drive \Device\Harddisk2\DR2 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:43:40.0732 2152 ============================================================
12:43:40.0732 2152 \Device\Harddisk0\DR0:
12:43:40.0732 2152 MBR partitions:
12:43:40.0732 2152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
12:43:40.0732 2152 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000
12:43:40.0732 2152 \Device\Harddisk1\DR1:
12:43:40.0763 2152 MBR partitions:
12:43:40.0763 2152 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x165B59F5
12:43:40.0763 2152 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x165B5A3B, BlocksNum 0x774D8A4
12:43:40.0810 2152 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1DD0331E, BlocksNum 0x772A3A3
12:43:40.0810 2152 \Device\Harddisk2\DR2:
12:43:40.0810 2152 MBR partitions:
12:43:40.0810 2152 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
12:43:40.0810 2152 ============================================================
12:43:40.0888 2152 C: <-> \Device\Harddisk0\DR0\Partition1
12:43:40.0919 2152 D: <-> \Device\Harddisk1\DR1\Partition1
12:43:40.0981 2152 E: <-> \Device\Harddisk0\DR0\Partition2
12:43:40.0981 2152 J: <-> \Device\Harddisk1\DR1\Partition3
12:43:41.0013 2152 H: <-> \Device\Harddisk1\DR1\Partition2
12:43:41.0013 2152 ============================================================
12:43:41.0013 2152 Initialize success
12:43:41.0013 2152 ============================================================
12:44:25.0332 4068 ============================================================
12:44:25.0332 4068 Scan started
12:44:25.0332 4068 Mode: Manual;
12:44:25.0332 4068 ============================================================
12:44:26.0065 4068 ================ Scan system memory ========================
12:44:26.0065 4068 System memory - ok
12:44:26.0065 4068 ================ Scan services =============================
12:44:37.0032 4068 MsRPC - ok
12:44:37.0048 4068 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:44:37.0048 4068 mssmbios - ok
12:44:37.0063 4068 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:44:37.0079 4068 MSTEE - ok
12:44:37.0110 4068 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
12:44:37.0110 4068 Mup - ok
12:44:37.0188 4068 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
12:44:37.0204 4068 napagent - ok
12:44:37.0235 4068 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:44:37.0235 4068 NativeWifiP - ok
12:44:37.0344 4068 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
12:44:37.0360 4068 NAUpdate - ok
12:44:37.0407 4068 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:44:37.0422 4068 NDIS - ok
12:44:37.0453 4068 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:44:37.0453 4068 NdisTapi - ok
12:44:37.0469 4068 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:44:37.0469 4068 Ndisuio - ok
12:44:37.0500 4068 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:44:37.0500 4068 NdisWan - ok
12:44:37.0516 4068 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:44:37.0516 4068 NDProxy - ok
12:44:37.0563 4068 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:44:37.0563 4068 Net Driver HPZ12 - ok
12:44:37.0578 4068 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:44:37.0578 4068 NetBIOS - ok
12:44:37.0609 4068 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:44:37.0609 4068 netbt - ok
12:44:37.0625 4068 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
12:44:37.0625 4068 Netlogon - ok
12:44:37.0687 4068 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
12:44:37.0687 4068 Netman - ok
12:44:37.0765 4068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:44:37.0828 4068 NetMsmqActivator - ok
12:44:37.0828 4068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:44:37.0828 4068 NetPipeActivator - ok
12:44:37.0843 4068 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
12:44:37.0859 4068 netprofm - ok
12:44:37.0875 4068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:44:37.0875 4068 NetTcpActivator - ok
12:44:37.0890 4068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:44:37.0890 4068 NetTcpPortSharing - ok
12:44:37.0999 4068 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
12:44:38.0015 4068 NETw5v32 - ok
12:44:38.0031 4068 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:44:38.0031 4068 nfrd960 - ok
12:44:38.0062 4068 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:44:38.0062 4068 NlaSvc - ok
12:44:38.0109 4068 [ F01C0516A88FFC54D891475947B96A7A ] nlsX86cc C:\Windows\system32\NLSSRV32.EXE
12:44:38.0124 4068 nlsX86cc - ok
12:44:38.0155 4068 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:44:38.0155 4068 Npfs - ok
12:44:38.0187 4068 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
12:44:38.0187 4068 nsi - ok
12:44:38.0202 4068 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:44:38.0202 4068 nsiproxy - ok
12:44:38.0249 4068 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:44:38.0280 4068 Ntfs - ok
12:44:38.0327 4068 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
12:44:38.0327 4068 NTIBackupSvc - ok
12:44:38.0374 4068 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
12:44:38.0374 4068 NTIDrvr - ok
12:44:38.0467 4068 [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
12:44:38.0467 4068 NTIPPKernel - ok
12:44:38.0499 4068 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
12:44:38.0499 4068 NTISchedulerSvc - ok
12:44:38.0530 4068 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
12:44:38.0530 4068 ntrigdigi - ok
12:44:38.0545 4068 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
12:44:38.0545 4068 Null - ok
12:44:38.0577 4068 [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
12:44:38.0577 4068 NVHDA - ok
12:44:38.0748 4068 [ CB0D6F8F65B8766FF2AAAA78881FD9F8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:44:38.0889 4068 nvlddmkm - ok
12:44:38.0935 4068 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:44:38.0935 4068 nvraid - ok
12:44:38.0967 4068 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:44:38.0967 4068 nvstor - ok
12:44:38.0998 4068 [ 15315BB51E9025FE41B482681C6E7BA2 ] nvsvc C:\Windows\system32\nvvsvc.exe
12:44:38.0998 4068 nvsvc - ok
12:44:39.0029 4068 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:44:39.0029 4068 nv_agp - ok
12:44:39.0029 4068 NwlnkFlt - ok
12:44:39.0029 4068 NwlnkFwd - ok
12:44:39.0076 4068 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:44:39.0076 4068 ohci1394 - ok
12:44:39.0138 4068 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:44:39.0154 4068 ose - ok
12:44:39.0201 4068 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:44:39.0216 4068 p2pimsvc - ok
12:44:39.0232 4068 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
12:44:39.0232 4068 p2psvc - ok
12:44:39.0263 4068 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
12:44:39.0263 4068 Parport - ok
12:44:39.0294 4068 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:44:39.0294 4068 partmgr - ok
12:44:39.0325 4068 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
12:44:39.0325 4068 Parvdm - ok
12:44:39.0357 4068 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
12:44:39.0357 4068 PcaSvc - ok
12:44:39.0388 4068 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
12:44:39.0388 4068 pci - ok
12:44:39.0419 4068 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
12:44:39.0419 4068 pciide - ok
12:44:39.0435 4068 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:44:39.0435 4068 pcmcia - ok
12:44:39.0513 4068 [ BC0226AAA30602FAE30DA145E83E0C09 ] PDF Suite 2012 Helper Service C:\Program Files\PDF Suite 2012\HelperService.exe
12:44:39.0544 4068 PDF Suite 2012 Helper Service - ok
12:44:39.0575 4068 [ 7D35111BA7E38B9C0842939A023BF560 ] PDF Suite 2012 Service C:\Program Files\PDF Suite 2012\ConversionService.exe
12:44:39.0591 4068 PDF Suite 2012 Service - ok
12:44:39.0637 4068 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:44:39.0653 4068 PEAUTH - ok
12:44:39.0731 4068 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
12:44:39.0778 4068 pla - ok
12:44:39.0809 4068 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:44:39.0856 4068 PlugPlay - ok
12:44:39.0887 4068 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:44:39.0887 4068 Pml Driver HPZ12 - ok
12:44:39.0903 4068 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:44:39.0918 4068 PNRPAutoReg - ok
12:44:39.0934 4068 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:44:39.0949 4068 PNRPsvc - ok
12:44:39.0981 4068 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:44:39.0981 4068 PolicyAgent - ok
12:44:40.0043 4068 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:44:40.0043 4068 PptpMiniport - ok
12:44:40.0059 4068 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
12:44:40.0059 4068 Processor - ok
12:44:40.0090 4068 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
12:44:40.0090 4068 ProfSvc - ok
12:44:40.0105 4068 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:44:40.0105 4068 ProtectedStorage - ok
12:44:40.0137 4068 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:44:40.0137 4068 PSched - ok
12:44:40.0137 4068 [ 1DCBB35090CC4B2BD3D661E6089523C6 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
12:44:40.0152 4068 PSDFilter - ok
12:44:40.0152 4068 [ E26E46D619469964AC3609620F443867 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
12:44:40.0152 4068 PSDNServ - ok
12:44:40.0168 4068 [ 3E1D134AF2806867D06047C4CC33CC65 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
12:44:40.0168 4068 psdvdisk - ok
12:44:40.0199 4068 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:44:40.0199 4068 PSI_SVC_2 - ok
12:44:40.0230 4068 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:44:40.0230 4068 PxHelp20 - ok
12:44:40.0293 4068 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:44:40.0324 4068 ql2300 - ok
12:44:40.0371 4068 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:44:40.0371 4068 ql40xx - ok
12:44:40.0402 4068 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
12:44:40.0402 4068 QWAVE - ok
12:44:40.0417 4068 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:44:40.0433 4068 QWAVEdrv - ok
12:44:40.0449 4068 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:44:40.0449 4068 RasAcd - ok
12:44:40.0464 4068 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
12:44:40.0464 4068 RasAuto - ok
12:44:40.0480 4068 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:44:40.0480 4068 Rasl2tp - ok
12:44:40.0511 4068 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
12:44:40.0527 4068 RasMan - ok
12:44:40.0558 4068 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:44:40.0558 4068 RasPppoe - ok
12:44:40.0589 4068 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:44:40.0589 4068 RasSstp - ok
12:44:40.0620 4068 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:44:40.0620 4068 rdbss - ok
12:44:40.0651 4068 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:44:40.0651 4068 RDPCDD - ok
12:44:40.0683 4068 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:44:40.0683 4068 rdpdr - ok
12:44:40.0683 4068 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:44:40.0683 4068 RDPENCDD - ok
12:44:40.0729 4068 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:44:40.0729 4068 RDPWD - ok
12:44:40.0792 4068 [ 24D3B49DAB660A8B8AFA40240E735E24 ] regi C:\Windows\system32\drivers\regi.sys
12:44:40.0792 4068 regi - ok
12:44:40.0870 4068 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:44:40.0870 4068 RemoteAccess - ok
12:44:40.0917 4068 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:44:40.0917 4068 RemoteRegistry - ok
12:44:40.0948 4068 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
12:44:40.0948 4068 RpcLocator - ok
12:44:41.0010 4068 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
12:44:41.0010 4068 RpcSs - ok
12:44:41.0041 4068 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:44:41.0041 4068 rspndr - ok
12:44:41.0119 4068 [ 73835C4F79ADC404EF39C8A9E2D4183B ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
12:44:41.0119 4068 RS_Service - ok
12:44:41.0135 4068 [ 7A4F79DF3793160B280CDE152B61FE33 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
12:44:41.0135 4068 RTSTOR - ok
12:44:41.0151 4068 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
12:44:41.0151 4068 SamSs - ok
12:44:41.0166 4068 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:44:41.0166 4068 sbp2port - ok
12:44:41.0197 4068 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:44:41.0213 4068 SCardSvr - ok
12:44:41.0260 4068 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
12:44:41.0275 4068 Schedule - ok
12:44:41.0307 4068 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:44:41.0307 4068 SCPolicySvc - ok
12:44:41.0353 4068 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:44:41.0369 4068 SDRSVC - ok
12:44:41.0385 4068 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:44:41.0385 4068 secdrv - ok
12:44:41.0400 4068 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
12:44:41.0400 4068 seclogon - ok
12:44:41.0400 4068 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
12:44:41.0416 4068 SENS - ok
12:44:41.0447 4068 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
12:44:41.0447 4068 Serenum - ok
12:44:41.0463 4068 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
12:44:41.0463 4068 Serial - ok
12:44:41.0478 4068 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:44:41.0478 4068 sermouse - ok
12:44:41.0525 4068 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
12:44:41.0525 4068 SessionEnv - ok
12:44:41.0541 4068 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:44:41.0541 4068 sffdisk - ok
12:44:41.0572 4068 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:44:41.0587 4068 sffp_mmc - ok
12:44:41.0587 4068 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:44:41.0603 4068 sffp_sd - ok
12:44:41.0619 4068 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:44:41.0619 4068 sfloppy - ok
12:44:41.0650 4068 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:44:41.0665 4068 SharedAccess - ok
12:44:41.0697 4068 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:44:41.0712 4068 ShellHWDetection - ok
12:44:41.0728 4068 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:44:41.0728 4068 sisagp - ok
12:44:41.0743 4068 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:44:41.0743 4068 SiSRaid2 - ok
12:44:41.0775 4068 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:44:41.0775 4068 SiSRaid4 - ok
12:44:41.0884 4068 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
12:44:41.0962 4068 slsvc - ok
12:44:41.0993 4068 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:44:41.0993 4068 SLUINotify - ok
12:44:42.0040 4068 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:44:42.0040 4068 Smb - ok
12:44:42.0071 4068 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:44:42.0087 4068 SNMPTRAP - ok
12:44:42.0087 4068 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
12:44:42.0087 4068 spldr - ok
12:44:42.0118 4068 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
12:44:42.0118 4068 Spooler - ok
12:44:42.0165 4068 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:44:42.0165 4068 srv - ok
12:44:42.0211 4068 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:44:42.0211 4068 srv2 - ok
12:44:42.0243 4068 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:44:42.0243 4068 srvnet - ok
12:44:42.0289 4068 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:44:42.0289 4068 SSDPSRV - ok
12:44:42.0305 4068 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:44:42.0321 4068 SstpSvc - ok
12:44:42.0352 4068 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:44:42.0352 4068 StillCam - ok
12:44:42.0399 4068 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
12:44:42.0414 4068 stisvc - ok
12:44:42.0445 4068 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:44:42.0445 4068 swenum - ok
12:44:42.0492 4068 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
12:44:42.0492 4068 swprv - ok
12:44:42.0523 4068 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
12:44:42.0523 4068 Symc8xx - ok
12:44:42.0539 4068 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
12:44:42.0539 4068 Sym_hi - ok
12:44:42.0555 4068 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
12:44:42.0555 4068 Sym_u3 - ok
12:44:42.0617 4068 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:44:42.0617 4068 SynTP - ok
12:44:42.0664 4068 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
12:44:42.0679 4068 SysMain - ok
12:44:42.0726 4068 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:44:42.0726 4068 TabletInputService - ok
12:44:42.0757 4068 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:44:42.0773 4068 TapiSrv - ok
12:44:42.0789 4068 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
12:44:42.0789 4068 TBS - ok
12:44:42.0835 4068 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:44:42.0851 4068 Tcpip - ok
12:44:42.0867 4068 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
12:44:42.0867 4068 Tcpip6 - ok
12:44:42.0898 4068 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:44:42.0898 4068 tcpipreg - ok
12:44:42.0929 4068 [ 72B9E77565DA5FA564581976E000D29B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
12:44:42.0945 4068 TcUsb - ok
12:44:42.0976 4068 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:44:42.0976 4068 TDPIPE - ok
12:44:43.0007 4068 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:44:43.0007 4068 TDTCP - ok
12:44:43.0038 4068 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:44:43.0038 4068 tdx - ok
12:44:43.0179 4068 [ 3E85BDD019E3DB66D9471DAD7FD6A887 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
12:44:43.0257 4068 TeamViewer7 - ok
12:44:43.0288 4068 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:44:43.0288 4068 TermDD - ok
12:44:43.0319 4068 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
12:44:43.0335 4068 TermService - ok
12:44:43.0350 4068 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
12:44:43.0350 4068 Themes - ok
12:44:43.0366 4068 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
12:44:43.0366 4068 THREADORDER - ok
12:44:43.0397 4068 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
12:44:43.0413 4068 TrkWks - ok
12:44:43.0475 4068 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:44:43.0475 4068 TrustedInstaller - ok
12:44:43.0522 4068 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:44:43.0522 4068 tssecsrv - ok
12:44:43.0537 4068 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
12:44:43.0553 4068 tunmp - ok
12:44:43.0584 4068 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:44:43.0584 4068 tunnel - ok
12:44:43.0615 4068 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:44:43.0615 4068 uagp35 - ok
12:44:43.0631 4068 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
12:44:43.0631 4068 UBHelper - ok
12:44:43.0678 4068 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:44:43.0693 4068 udfs - ok
12:44:43.0709 4068 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:44:43.0709 4068 UI0Detect - ok
12:44:43.0725 4068 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:44:43.0725 4068 uliagpkx - ok
12:44:43.0771 4068 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:44:43.0771 4068 uliahci - ok
12:44:43.0787 4068 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:44:43.0787 4068 UlSata - ok
12:44:43.0818 4068 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:44:43.0818 4068 ulsata2 - ok
12:44:43.0834 4068 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:44:43.0834 4068 umbus - ok
12:44:43.0849 4068 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
12:44:43.0865 4068 upnphost - ok
12:44:43.0974 4068 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
12:44:43.0974 4068 UPnPService - ok
12:44:44.0037 4068 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:44:44.0037 4068 usbaudio - ok
12:44:44.0068 4068 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:44:44.0068 4068 usbccgp - ok
12:44:44.0083 4068 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:44:44.0083 4068 usbcir - ok
12:44:44.0115 4068 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:44:44.0115 4068 usbehci - ok
12:44:44.0146 4068 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:44:44.0146 4068 usbhub - ok
12:44:44.0177 4068 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:44:44.0177 4068 usbohci - ok
12:44:44.0224 4068 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:44:44.0224 4068 usbprint - ok
12:44:44.0239 4068 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:44:44.0239 4068 usbscan - ok
12:44:44.0271 4068 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:44:44.0271 4068 USBSTOR - ok
12:44:44.0271 4068 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:44:44.0271 4068 usbuhci - ok
12:44:44.0317 4068 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:44:44.0317 4068 usbvideo - ok
12:44:44.0333 4068 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
12:44:44.0349 4068 UxSms - ok
12:44:44.0380 4068 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
12:44:44.0395 4068 vds - ok
12:44:44.0427 4068 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:44:44.0427 4068 vga - ok
12:44:44.0458 4068 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
12:44:44.0458 4068 VgaSave - ok
12:44:44.0489 4068 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:44:44.0489 4068 viaagp - ok
12:44:44.0520 4068 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:44:44.0520 4068 ViaC7 - ok
12:44:44.0536 4068 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
12:44:44.0536 4068 viaide - ok
12:44:44.0551 4068 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:44:44.0551 4068 volmgr - ok
12:44:44.0567 4068 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:44:44.0583 4068 volmgrx - ok
12:44:44.0614 4068 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:44:44.0614 4068 volsnap - ok
12:44:44.0645 4068 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:44:44.0645 4068 vsmraid - ok
12:44:44.0692 4068 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
12:44:44.0723 4068 VSS - ok
12:44:44.0723 4068 vToolbarUpdater14.0.1 - ok
12:44:44.0770 4068 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
12:44:44.0770 4068 W32Time - ok
12:44:44.0801 4068 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:44:44.0801 4068 WacomPen - ok
12:44:44.0817 4068 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:44:44.0817 4068 Wanarp - ok
12:44:44.0832 4068 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:44:44.0832 4068 Wanarpv6 - ok
12:44:44.0848 4068 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:44:44.0863 4068 wcncsvc - ok
12:44:44.0910 4068 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:44:44.0910 4068 WcsPlugInService - ok
12:44:44.0926 4068 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
12:44:44.0926 4068 Wd - ok
12:44:44.0973 4068 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:44:44.0988 4068 Wdf01000 - ok
12:44:45.0004 4068 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:44:45.0004 4068 WdiServiceHost - ok
12:44:45.0004 4068 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:44:45.0019 4068 WdiSystemHost - ok
12:44:45.0051 4068 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
12:44:45.0066 4068 WebClient - ok
12:44:45.0082 4068 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:44:45.0097 4068 Wecsvc - ok
12:44:45.0097 4068 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:44:45.0113 4068 wercplsupport - ok
12:44:45.0144 4068 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
12:44:45.0160 4068 WerSvc - ok
12:44:45.0191 4068 [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:44:45.0207 4068 winachsf - ok
12:44:45.0238 4068 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
12:44:45.0253 4068 winbondcir - ok
12:44:45.0300 4068 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:44:45.0300 4068 WinDefend - ok
12:44:45.0316 4068 WinHttpAutoProxySvc - ok
12:44:45.0363 4068 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:44:45.0394 4068 Winmgmt - ok
12:44:45.0441 4068 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
12:44:45.0472 4068 WinRM - ok
12:44:45.0519 4068 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:44:45.0550 4068 Wlansvc - ok
12:44:45.0565 4068 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:44:45.0565 4068 WmiAcpi - ok
12:44:45.0597 4068 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:44:45.0612 4068 wmiApSrv - ok
12:44:45.0675 4068 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:44:45.0690 4068 WMPNetworkSvc - ok
12:44:45.0737 4068 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:44:45.0737 4068 WPCSvc - ok
12:44:45.0768 4068 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:44:45.0768 4068 WPDBusEnum - ok
12:44:45.0877 4068 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:44:45.0893 4068 WPFFontCache_v0400 - ok
12:44:45.0924 4068 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:44:45.0924 4068 ws2ifsl - ok
12:44:45.0971 4068 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
12:44:45.0987 4068 wscsvc - ok
12:44:45.0987 4068 WSearch - ok
12:44:46.0065 4068 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:44:46.0111 4068 wuauserv - ok
12:44:46.0143 4068 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:44:46.0143 4068 WudfPf - ok
12:44:46.0189 4068 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:44:46.0189 4068 WUDFRd - ok
12:44:46.0221 4068 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:44:46.0236 4068 wudfsvc - ok
12:44:46.0283 4068 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
12:44:46.0283 4068 XAudio - ok
12:44:46.0299 4068 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
12:44:46.0314 4068 XAudioService - ok
12:44:46.0392 4068 [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
12:44:46.0392 4068 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
12:44:46.0392 4068 ================ Scan global ===============================
12:44:46.0423 4068 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:44:46.0455 4068 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:44:46.0486 4068 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:44:46.0533 4068 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:44:46.0533 4068 [Global] - ok
12:44:46.0533 4068 ================ Scan MBR ==================================
12:44:46.0548 4068 [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
12:44:47.0359 4068 \Device\Harddisk0\DR0 - ok
12:44:47.0375 4068 [ E9BE5483500F315282A7234A18B73E9B ] \Device\Harddisk1\DR1
12:44:49.0653 4068 \Device\Harddisk1\DR1 - ok
12:44:50.0401 4068 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
12:44:50.0433 4068 \Device\Harddisk2\DR2 - ok
12:44:50.0433 4068 ================ Scan VBR ==================================
12:44:50.0448 4068 [ BDD6862677E238E07E74858BBCA6E6A3 ] \Device\Harddisk0\DR0\Partition1
12:44:50.0448 4068 \Device\Harddisk0\DR0\Partition1 - ok
12:44:50.0495 4068 [ 6B1530724991C27B9AEF834D53379547 ] \Device\Harddisk0\DR0\Partition2
12:44:50.0495 4068 \Device\Harddisk0\DR0\Partition2 - ok
12:44:50.0495 4068 [ C9587E5D5A45E683EEE2323DA746BDF3 ] \Device\Harddisk1\DR1\Partition1
12:44:50.0495 4068 \Device\Harddisk1\DR1\Partition1 - ok
12:44:50.0854 4068 [ F0DC43D9C09752D49CF40F8E0ABA159B ] \Device\Harddisk1\DR1\Partition2
12:44:50.0854 4068 \Device\Harddisk1\DR1\Partition2 - ok
12:44:50.0869 4068 [ 19D104DE6AF6263314901D3275C82669 ] \Device\Harddisk1\DR1\Partition3
12:44:50.0869 4068 \Device\Harddisk1\DR1\Partition3 - ok
12:44:50.0885 4068 [ 3DD97BF38586746C0CD7FFB12981FA3A ] \Device\Harddisk2\DR2\Partition1
12:44:50.0885 4068 \Device\Harddisk2\DR2\Partition1 - ok
12:44:50.0885 4068 ============================================================
12:44:50.0885 4068 Scan finished
12:44:50.0885 4068 ============================================================
12:44:50.0885 2292 Detected object count: 0
12:44:50.0885 2292 Actual detected object count: 0
12:47:32.0579 2168 Deinitialize success

By the way: there seems to be a new version of TDSS Killer.exe - or is it because nothing "bad" was found? In any case, I did not see the "Cure" and "Skip" buttons.

Regards, Urflamingo

09.02.2013, 15:19   #8
M-K-D-B
/// TB-Ausbilder

Hello,


OK, thanks for the feedback.


We will first do a small fix with OTL and then look at your system "from the outside" with FRST; maybe I will spot something that way.


Run OTL in safe mode.



Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
[2010.11.12 17:43:05 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\urflamingo\AppData\Roaming\mozilla\Firefox\Profiles\4zz1pslt.default\extensions\support@predictad.com
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

:commands
[Emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.






Step 2
Please download Farbar Recovery Scan Tool 32-Bit and save it to a USB stick.

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select "Computer reparieren" (Repair your computer).
  • Select your operating system and user account and click "Weiter" (Next) each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Weiter" (Next).
  • Click "Computerreparaturoptionen" (Repair your computer)!!
  • Select your operating system and user account and click "Weiter" (Next) each time.


In the repair options, select Eingabeaufforderung
  • Now please type notepad and press Enter.
  • In the text document that opens --> Datei (File) --> Speichern unter (Save As), and select Computer.
    The drive letter of your USB stick is shown here.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here.





With your next reply, please post
  • the OTL log file,
  • the FRST log file.

09.02.2013, 18:15   #9
urflamingo

Hello Matthias,

this time, unfortunately, nothing worked at all. I could not manage it at all.

Step 1:
OTL
After the "Fix" command, the entire code immediately disappeared except for the last line with empty temp.
And the PC froze right away.

Under OTL\Moved Files\ there is a date-time folder, and after/behind it quite a few other folders (urflamingo, AppData, Roaming etc.)

However, I did not find a .txt file.

Step 2:
FRST
"Computer reparieren" with F8 worked. Then came "Select a keyboard layout" (set to German). Then login as urflamingo (I also have admin rights).

Then: Choose a recovery tool

--- Startup Repair (automatically fix problems that are preventing Windows from Starting; I ran this; result: there are no problems)

--- System Restore (restore Windows to an earlier point of time)

--- Windows Complete PC Restore (Restore your entire Computer from a Backup)

--- Windows Memory Diagnostic Tool (Check your Computer for memory HW errors)

--- Command Prompt (Open a command prompt window)

Below that there are 2 buttons: Shut Down and Restart

I did not find the "Eingabeaufforderung" that was mentioned, or any other corresponding way to continue.

Do you have an idea how we can move on?

Regards, urflamingo

PS: Is the "Command Prompt" perhaps the input field you meant?

09.02.2013, 19:42   #10
M-K-D-B
/// TB-Ausbilder

Hello,


choose Command Prompt. That corresponds to the German Eingabeaufforderung.

09.02.2013, 20:41   #11
urflamingo

Hello Matthias,

here is the content of the

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2013
Ran by urflamingo at 09-02-2013 20:33:20
Running from F:\
Service Pack 2 (X86) OS Language: German Standard
Attention: Could not load system hive.
FEHLER: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-02-09 18:57 - 2013-02-09 18:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip
2013-02-09 16:43 - 2013-02-09 16:43 - 00000000 ___DC C:\_OTL
2013-02-09 12:32 - 2013-02-09 12:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe
2013-02-09 12:31 - 2013-02-09 12:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe
2013-02-09 12:26 - 2013-02-09 12:27 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe
2013-02-08 20:34 - 2013-02-08 20:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro
2013-02-08 14:40 - 2013-02-08 14:40 - 00026095 ___AC C:\ComboFix.txt
2013-02-08 13:54 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-02-08 13:54 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-02-08 13:54 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-02-08 13:43 - 2013-02-08 14:40 - 00000000 ___DC C:\Qoobox
2013-02-08 13:42 - 2013-02-08 14:38 - 00000000 ____D C:\Windows\erdnt
2013-02-08 13:41 - 2013-02-08 13:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe
2013-02-08 00:02 - 2013-02-08 00:02 - 00001199 ___AC C:\AdwCleaner[R1].txt
2013-02-07 23:10 - 2013-02-07 23:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe
2013-02-07 23:07 - 2013-02-07 23:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe
2013-02-07 23:06 - 2013-02-07 23:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe
2013-02-07 23:06 - 2013-02-07 23:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-07 22:54 - 2013-02-07 22:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt
2013-02-07 22:50 - 2013-02-07 22:50 - 00000000 ____D C:\Windows\ERUNT
2013-02-07 22:48 - 2013-02-07 22:48 - 00000000 ___DC C:\JRT
2013-02-07 22:47 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload
2013-02-07 22:46 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe
2013-02-07 21:05 - 2013-02-07 21:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt
2013-02-07 21:04 - 2013-02-07 21:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt
2013-02-07 14:57 - 2013-02-07 14:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt
2013-02-07 14:56 - 2013-02-09 16:33 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt
2013-02-07 14:40 - 2013-02-07 14:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe
2013-02-07 14:19 - 2013-02-07 14:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe
2013-02-07 14:14 - 2013-02-07 14:15 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log
2013-02-07 14:14 - 2013-02-07 14:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable
2013-02-07 14:12 - 2013-02-07 14:13 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe
2013-02-07 00:22 - 2013-02-07 00:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-02-07 00:21 - 2012-12-14 16:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-02-06 21:56 - 2013-02-07 00:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes
2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-06 21:54 - 2013-02-06 21:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-06 18:51 - 2013-02-06 18:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-05 18:31 - 2013-02-05 18:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip
2013-02-05 18:10 - 2013-02-05 18:11 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc
2013-02-05 18:09 - 2013-02-05 18:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-02-05 18:08 - 2013-02-05 18:08 - 00000000 ____D C:\Program Files\VideoLAN
2013-02-05 18:07 - 2013-02-05 18:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe
2013-02-03 12:05 - 2013-02-03 12:04 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-02-03 12:05 - 2013-02-03 12:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-02-03 12:05 - 2013-02-03 12:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-02-03 12:05 - 2013-02-03 12:04 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-01-31 17:39 - 2013-01-31 17:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-01-30 23:42 - 2013-01-30 23:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk
2013-01-30 23:42 - 2013-01-30 23:42 - 00000000 ____D C:\Program Files\CdCoverCreator
2013-01-30 23:41 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe
2013-01-30 23:40 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe
2013-01-30 23:39 - 2013-01-30 23:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe
2013-01-30 23:23 - 2013-01-30 23:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload
2013-01-30 23:18 - 2013-01-30 23:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk
2013-01-30 23:18 - 2013-01-30 23:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite
2013-01-30 23:17 - 2013-01-30 23:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe
2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe
2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe
2013-01-30 16:25 - 2013-01-30 16:25 - 00000000 ____D C:\Users\urflamingo\Corel
2013-01-30 16:19 - 2013-01-30 16:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr
2013-01-30 16:18 - 2013-01-30 16:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk
2013-01-30 16:18 - 2010-11-16 16:24 - 00013880 ____A (InterVideo) C:\Windows\System32\Drivers\regi.sys
2013-01-30 16:04 - 2013-01-30 16:06 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe
2013-01-28 19:05 - 2013-01-28 19:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero
2013-01-28 19:04 - 2013-01-30 19:29 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-01-28 19:01 - 2013-01-28 19:01 - 00000000 ____D C:\Program Files\Common Files\Nero
2013-01-28 19:00 - 2013-01-28 19:03 - 00000000 ____D C:\Users\All Users\Nero
2013-01-28 18:57 - 2013-01-28 19:03 - 00000000 ____D C:\Program Files\Nero
2013-01-28 13:29 - 2013-01-28 13:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd
2013-01-25 19:30 - 2013-01-25 19:32 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon
2013-01-25 13:52 - 2013-01-25 13:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip
2013-01-22 21:21 - 2013-01-22 21:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad
2013-01-19 19:19 - 2013-01-19 19:22 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4
2013-01-19 17:41 - 2013-01-19 17:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip
2013-01-19 17:40 - 2013-02-05 18:31 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo
2013-01-19 01:30 - 2013-01-19 01:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe
2013-01-19 01:30 - 2013-01-19 01:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk
2013-01-19 01:30 - 2013-01-19 01:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder
2013-01-19 01:23 - 2013-01-19 01:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk
2013-01-19 01:23 - 2013-01-19 01:23 - 00000000 ____D C:\Program Files\PinDetective
2013-01-19 01:22 - 2013-01-19 01:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe
2013-01-19 01:21 - 2013-01-19 01:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe
2013-01-19 01:13 - 2013-01-19 01:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk
2013-01-19 01:13 - 2013-01-19 01:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot
2013-01-19 01:12 - 2013-01-19 01:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe
2013-01-18 16:28 - 2013-01-18 16:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus
2013-01-18 14:56 - 2013-01-18 14:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk
2013-01-18 14:21 - 2013-01-18 14:22 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log
2013-01-18 01:40 - 2013-01-18 01:40 - 00000000 ____D C:\Program Files\Citrix
2013-01-17 18:36 - 2013-01-17 18:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd
2013-01-17 16:33 - 2013-01-17 16:34 - 00000046 ____A C:\Windows\Speed.INI
2013-01-17 16:33 - 2013-01-17 16:34 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed
2013-01-17 15:50 - 2013-01-17 15:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX
2013-01-17 15:50 - 2013-01-17 15:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D
2013-01-14 23:21 - 2013-01-14 23:37 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam
2013-01-14 23:13 - 2013-01-14 23:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air
2013-01-14 16:25 - 2013-01-14 18:24 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php
2013-01-14 00:34 - 2013-01-14 00:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in
2013-01-14 00:34 - 2013-01-14 00:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk
2013-01-14 00:34 - 2013-01-14 00:34 - 00000000 ____D C:\Program Files\E-MailVerifier
2013-01-14 00:34 - 2010-02-02 12:30 - 00331136 ____A (Mirko Böer) C:\Windows\EMVUn.EXE
2013-01-14 00:33 - 2013-01-14 00:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in
2013-01-14 00:33 - 2013-01-14 00:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk
2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer
2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Program Files\SuperMailer
2013-01-14 00:33 - 2010-03-17 10:45 - 00331136 ____A (Mirko Böer) C:\Windows\SMUn.EXE
2013-01-13 18:05 - 2013-01-13 18:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-01-13 18:04 - 2013-01-13 18:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk
2013-01-13 18:03 - 2013-01-13 18:03 - 00000000 ____D C:\Program Files\Market Samurai
2013-01-13 17:59 - 2013-01-13 17:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air
2013-01-11 14:39 - 2013-01-11 14:40 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip
2013-01-10 14:54 - 2013-01-10 14:57 - 344471060 ____A C:\Users\urflamingo\Downloads\starter-mitglied-856024.zip
2013-01-10 14:14 - 2013-01-10 14:15 - 00276140 ____A C:\Windows\msxml4-KB2758694-enu.LOG


==================== One Month Modified Files and Folders ========

2013-02-09 20:33 - 2013-02-09 20:33 - 00000000 ___DC C:\FRST
2013-02-09 20:30 - 2008-01-21 03:47 - 20969324 ____A C:\Windows\PFRO.log
2013-02-09 20:19 - 2009-11-15 21:28 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-09 20:17 - 2009-08-13 10:31 - 00143914 ____A C:\Users\All Users\nvModes.001
2013-02-09 20:17 - 2008-09-09 03:07 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2013-02-09 20:17 - 2008-07-30 03:13 - 00000147 ____A C:\Windows\System32\agent.log
2013-02-09 20:17 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-09 20:17 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-09 20:17 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-09 18:57 - 2013-02-09 18:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip
2013-02-09 18:52 - 2012-01-19 17:46 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\PDF Software
2013-02-09 17:54 - 2012-05-29 16:33 - 00001699 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-02-09 16:43 - 2013-02-09 16:43 - 00000000 ___DC C:\_OTL
2013-02-09 16:33 - 2013-02-07 14:56 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt
2013-02-09 13:17 - 2012-12-26 20:39 - 00000338 ____A C:\Windows\Tasks\DriverScanner.job
2013-02-09 13:17 - 2009-11-15 21:28 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-09 12:43 - 2008-10-04 22:22 - 00075264 ____A C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-09 12:32 - 2013-02-09 12:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe
2013-02-09 12:31 - 2013-02-09 12:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe
2013-02-09 12:27 - 2013-02-09 12:26 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe
2013-02-08 21:14 - 2010-02-22 04:07 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\FileZilla
2013-02-08 20:34 - 2013-02-08 20:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro
2013-02-08 14:40 - 2013-02-08 14:40 - 00026095 ___AC C:\ComboFix.txt
2013-02-08 14:40 - 2013-02-08 13:43 - 00000000 ___DC C:\Qoobox
2013-02-08 14:40 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public
2013-02-08 14:38 - 2013-02-08 13:42 - 00000000 ____D C:\Windows\erdnt
2013-02-08 14:32 - 2006-11-02 11:23 - 00000215 ___AC C:\Windows\system.ini
2013-02-08 14:21 - 2008-10-04 15:09 - 00000000 ____D C:\users\urflamingo
2013-02-08 13:41 - 2013-02-08 13:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe
2013-02-08 00:02 - 2013-02-08 00:02 - 00001199 ___AC C:\AdwCleaner[R1].txt
2013-02-07 23:43 - 2012-07-31 13:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-07 23:10 - 2013-02-07 23:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe
2013-02-07 23:07 - 2013-02-07 23:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe
2013-02-07 23:06 - 2013-02-07 23:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe
2013-02-07 23:06 - 2013-02-07 23:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-07 22:54 - 2013-02-07 22:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt
2013-02-07 22:50 - 2013-02-07 22:50 - 00000000 ____D C:\Windows\ERUNT
2013-02-07 22:48 - 2013-02-07 22:48 - 00000000 ___DC C:\JRT
2013-02-07 22:47 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload
2013-02-07 22:47 - 2013-02-07 22:46 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe
2013-02-07 21:25 - 2006-11-02 13:47 - 00634760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-07 21:05 - 2013-02-07 21:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt
2013-02-07 21:04 - 2013-02-07 21:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt
2013-02-07 14:57 - 2013-02-07 14:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt
2013-02-07 14:40 - 2013-02-07 14:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe
2013-02-07 14:19 - 2013-02-07 14:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe
2013-02-07 14:15 - 2013-02-07 14:14 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log
2013-02-07 14:14 - 2013-02-07 14:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable
2013-02-07 14:13 - 2013-02-07 14:12 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe
2013-02-07 01:17 - 2008-09-09 02:52 - 01770546 ____A C:\Windows\WindowsUpdate.log
2013-02-07 01:17 - 2006-11-02 14:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-07 00:22 - 2013-02-07 00:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-02-07 00:22 - 2013-02-06 21:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-07 00:11 - 2012-12-13 21:32 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-02-07 00:08 - 2012-12-12 12:50 - 00000000 ___RD C:\Users\urflamingo\Dropbox
2013-02-07 00:08 - 2012-12-12 12:45 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Dropbox
2013-02-06 23:37 - 2008-01-21 08:16 - 01673560 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes
2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-06 21:54 - 2013-02-06 21:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-06 21:49 - 2012-05-02 16:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-02-06 19:19 - 2010-11-14 23:58 - 33997193 ____A C:\Users\urflamingo\Downloads\otopaket.zip
2013-02-06 18:54 - 2013-02-06 18:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-06 18:00 - 2010-10-23 14:56 - 00000304 ____A C:\Windows\Tasks\next.job
2013-02-06 18:00 - 2009-08-03 09:23 - 00000452 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2013-02-05 20:06 - 2012-12-13 23:21 - 00000000 ____D C:\Users\urflamingo\AppData\Local\CrashDumps
2013-02-05 18:31 - 2013-02-05 18:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip
2013-02-05 18:31 - 2013-01-19 17:40 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo
2013-02-05 18:11 - 2013-02-05 18:10 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc
2013-02-05 18:09 - 2013-02-05 18:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-02-05 18:08 - 2013-02-05 18:08 - 00000000 ____D C:\Program Files\VideoLAN
2013-02-05 18:07 - 2013-02-05 18:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe
2013-02-04 23:03 - 2012-01-19 18:06 - 00000000 ____D C:\Users\urflamingo\Documents\PDF Suite 2012 Files
2013-02-04 21:14 - 2010-11-30 17:57 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2013-02-04 21:14 - 2008-07-30 02:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-02-03 12:04 - 2013-02-03 12:05 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-02-03 12:04 - 2013-02-03 12:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-02-03 12:04 - 2013-02-03 12:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-02-03 12:04 - 2013-02-03 12:05 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-02-03 12:04 - 2012-11-06 16:51 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-02-03 12:04 - 2011-07-11 11:52 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-02-03 11:56 - 2012-12-12 12:50 - 00000938 ____A C:\Users\urflamingo\Desktop\Dropbox.lnk
2013-02-03 11:55 - 2010-03-01 20:26 - 00047104 ____A C:\Users\urflamingo\AppData\Local\WebpageIcons.db
2013-01-31 17:39 - 2013-01-31 17:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-01-31 17:39 - 2012-11-09 16:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-01-31 00:37 - 2010-02-09 21:58 - 00004096 ____A C:\Users\Public\Documents\00000ED4.LCS
2013-01-30 23:42 - 2013-01-30 23:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk
2013-01-30 23:42 - 2013-01-30 23:42 - 00000000 ____D C:\Program Files\CdCoverCreator
2013-01-30 23:41 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe
2013-01-30 23:41 - 2013-01-30 23:40 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe
2013-01-30 23:39 - 2013-01-30 23:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe
2013-01-30 23:23 - 2013-01-30 23:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload
2013-01-30 23:18 - 2013-01-30 23:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk
2013-01-30 23:18 - 2013-01-30 23:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite
2013-01-30 23:17 - 2013-01-30 23:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe
2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe
2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe
2013-01-30 19:29 - 2013-01-28 19:04 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-01-30 16:46 - 2012-01-02 23:38 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Corel
2013-01-30 16:25 - 2013-01-30 16:25 - 00000000 ____D C:\Users\urflamingo\Corel
2013-01-30 16:20 - 2012-12-12 21:09 - 00000000 ____D C:\Users\All Users\Corel
2013-01-30 16:19 - 2013-01-30 16:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr
2013-01-30 16:18 - 2013-01-30 16:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk
2013-01-30 16:17 - 2012-12-12 21:00 - 00000000 ____D C:\Program Files\Corel
2013-01-30 16:06 - 2013-01-30 16:04 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe
2013-01-30 12:38 - 2009-08-03 09:23 - 00000426 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job
2013-01-28 19:05 - 2013-01-28 19:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero
2013-01-28 19:03 - 2013-01-28 19:00 - 00000000 ____D C:\Users\All Users\Nero
2013-01-28 19:03 - 2013-01-28 18:57 - 00000000 ____D C:\Program Files\Nero
2013-01-28 19:01 - 2013-01-28 19:01 - 00000000 ____D C:\Program Files\Common Files\Nero
2013-01-28 16:31 - 2012-02-16 17:39 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX
2013-01-28 13:29 - 2013-01-28 13:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd
2013-01-25 19:32 - 2013-01-25 19:30 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon
2013-01-25 13:52 - 2013-01-25 13:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip
2013-01-22 23:10 - 2010-11-28 16:00 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Audacity
2013-01-22 21:21 - 2013-01-22 21:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad
2013-01-20 15:41 - 2012-12-12 21:22 - 00000000 ____D C:\Users\All Users\SmartSound Software Inc
2013-01-19 19:22 - 2013-01-19 19:19 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4
2013-01-19 17:41 - 2013-01-19 17:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip
2013-01-19 01:42 - 2010-05-31 17:08 - 00000206 ____A C:\Windows\EurekaLog.ini
2013-01-19 01:30 - 2013-01-19 01:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe
2013-01-19 01:30 - 2013-01-19 01:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk
2013-01-19 01:30 - 2013-01-19 01:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder
2013-01-19 01:23 - 2013-01-19 01:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk
2013-01-19 01:23 - 2013-01-19 01:23 - 00000000 ____D C:\Program Files\PinDetective
2013-01-19 01:22 - 2013-01-19 01:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe
2013-01-19 01:21 - 2013-01-19 01:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe
2013-01-19 01:13 - 2013-01-19 01:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk
2013-01-19 01:13 - 2013-01-19 01:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot
2013-01-19 01:12 - 2013-01-19 01:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe
2013-01-18 22:51 - 2009-08-06 21:00 - 00000000 ____D C:\Users\urflamingo\Documents\Camtasia Studio
2013-01-18 16:28 - 2013-01-18 16:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus
2013-01-18 14:58 - 2008-10-19 20:55 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\AVS4YOU
2013-01-18 14:57 - 2008-10-19 20:51 - 00000000 ____D C:\Program Files\AVS4YOU
2013-01-18 14:56 - 2013-01-18 14:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk
2013-01-18 14:22 - 2013-01-18 14:21 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log
2013-01-18 14:22 - 2009-08-01 19:08 - 00000000 ____D C:\Program Files\Java
2013-01-18 01:40 - 2013-01-18 01:40 - 00000000 ____D C:\Program Files\Citrix
2013-01-17 18:36 - 2013-01-17 18:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd
2013-01-17 16:34 - 2013-01-17 16:33 - 00000046 ____A C:\Windows\Speed.INI
2013-01-17 16:34 - 2013-01-17 16:33 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed
2013-01-17 15:50 - 2013-01-17 15:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX
2013-01-17 15:50 - 2013-01-17 15:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D
2013-01-17 15:49 - 2012-12-12 23:03 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Ulead Systems
2013-01-16 16:18 - 2010-06-27 19:33 - 00007592 ____A C:\Users\urflamingo\AppData\Local\d3d9caps.dat
2013-01-15 19:54 - 2012-03-19 12:57 - 00000000 ____D C:\Program Files\McAfee
2013-01-14 23:37 - 2013-01-14 23:21 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam
2013-01-14 23:23 - 2010-05-05 17:28 - 00322760 ___AH C:\Windows\System32\mlfcache.dat
2013-01-14 23:13 - 2013-01-14 23:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air
2013-01-14 18:24 - 2013-01-14 16:25 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php
2013-01-14 13:43 - 2009-08-13 08:14 - 00143914 ____A C:\Users\All Users\nvModes.dat
2013-01-14 00:34 - 2013-01-14 00:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in
2013-01-14 00:34 - 2013-01-14 00:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk
2013-01-14 00:34 - 2013-01-14 00:34 - 00000000 ____D C:\Program Files\E-MailVerifier
2013-01-14 00:33 - 2013-01-14 00:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in
2013-01-14 00:33 - 2013-01-14 00:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk
2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer
2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Program Files\SuperMailer
2013-01-13 18:05 - 2013-01-13 18:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-01-13 18:04 - 2013-01-13 18:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk
2013-01-13 18:03 - 2013-01-13 18:03 - 00000000 ____D C:\Program Files\Market Samurai
2013-01-13 17:59 - 2013-01-13 17:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air
2013-01-11 16:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-11 14:40 - 2013-01-11 14:39 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip
2013-01-10 14:57 - 2013-01-10 14:54 - 344471060 ____A C:\Users\urflamingo\Downloads\starter-mitglied-856024.zip
2013-01-10 14:33 - 2006-11-02 11:23 - 00000275 ____A C:\Windows\win.ini
2013-01-10 14:15 - 2013-01-10 14:14 - 00276140 ____A C:\Windows\msxml4-KB2758694-enu.LOG
2013-01-10 13:48 - 2006-11-02 11:24 - 65273848 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 12:25] - [2012-08-21 12:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3065.94 MB
Available physical RAM: 2485.23 MB
Total Pagefile: 10929.88 MB
Available Pagefile: 10573.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.89 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:35.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:178.85 GB) (Free:100.95 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:140.5 GB) (Free:86.21 GB) NTFS
4 Drive f: () (Removable) (Total:3.84 GB) (Free:1.67 GB) FAT32
6 Drive h: (DATA) (Fixed) (Total:59.65 GB) (Free:55.37 GB) NTFS
7 Drive i: () (Removable) (Total:3.69 GB) (Free:3.23 GB) FAT32
8 Drive j: (DATA) (Fixed) (Total:59.58 GB) (Free:59.49 GB) NTFS

Datenträger ### Status Größe Frei Dyn GPT
-------- ---------- ------- ------- --- ---
0 Online 298 GB 0 B
1 Online 298 GB 0 B
2 Online 3782 MB 0 B
3 Online 3935 MB 0 B



Last Boot: 2013-02-09 18:05

==================== End Of Log ============================

Should I do anything else regarding OTL?

Regards, urflamingo

09.02.2013, 20:50   #12
M-K-D-B
/// TB trainer
 

Hi,

you still can't boot normally, right?

Somehow that didn't really work out with FRST. Could you please boot into the repair options again, do nothing else, and run FRST again as described in my instructions?

09.02.2013, 21:09   #13
urflamingo
 

Hello Matthias,

somehow my reply from just now isn't in the thread at all.
In case you didn't actually receive it,
here once more is the

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2013
Ran by urflamingo at 09-02-2013 20:33:20
Running from F:\
Service Pack 2 (X86) OS Language: German Standard
Attention: Could not load system hive.
FEHLER: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-02-09 18:57 - 2013-02-09 18:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip
2013-02-09 16:43 - 2013-02-09 16:43 - 00000000 ___DC C:\_OTL
2013-02-09 12:32 - 2013-02-09 12:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe
2013-02-09 12:31 - 2013-02-09 12:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe
2013-02-09 12:26 - 2013-02-09 12:27 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe
2013-02-08 20:34 - 2013-02-08 20:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro
2013-02-08 14:40 - 2013-02-08 14:40 - 00026095 ___AC C:\ComboFix.txt
2013-02-08 13:54 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-02-08 13:54 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-02-08 13:54 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-02-08 13:54 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-02-08 13:43 - 2013-02-08 14:40 - 00000000 ___DC C:\Qoobox
2013-02-08 13:42 - 2013-02-08 14:38 - 00000000 ____D C:\Windows\erdnt
2013-02-08 13:41 - 2013-02-08 13:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe
2013-02-08 00:02 - 2013-02-08 00:02 - 00001199 ___AC C:\AdwCleaner[R1].txt
2013-02-07 23:10 - 2013-02-07 23:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe
2013-02-07 23:07 - 2013-02-07 23:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe
2013-02-07 23:06 - 2013-02-07 23:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe
2013-02-07 23:06 - 2013-02-07 23:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-07 22:54 - 2013-02-07 22:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt
2013-02-07 22:50 - 2013-02-07 22:50 - 00000000 ____D C:\Windows\ERUNT
2013-02-07 22:48 - 2013-02-07 22:48 - 00000000 ___DC C:\JRT
2013-02-07 22:47 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload
2013-02-07 22:46 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe
2013-02-07 21:05 - 2013-02-07 21:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt
2013-02-07 21:04 - 2013-02-07 21:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt
2013-02-07 14:57 - 2013-02-07 14:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt
2013-02-07 14:56 - 2013-02-09 16:33 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt
2013-02-07 14:40 - 2013-02-07 14:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe
2013-02-07 14:19 - 2013-02-07 14:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe
2013-02-07 14:14 - 2013-02-07 14:15 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log
2013-02-07 14:14 - 2013-02-07 14:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable
2013-02-07 14:12 - 2013-02-07 14:13 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe
2013-02-07 00:22 - 2013-02-07 00:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-02-07 00:21 - 2012-12-14 16:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-02-06 21:56 - 2013-02-07 00:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes
2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-06 21:54 - 2013-02-06 21:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-06 18:51 - 2013-02-06 18:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-05 18:31 - 2013-02-05 18:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip
2013-02-05 18:10 - 2013-02-05 18:11 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc
2013-02-05 18:09 - 2013-02-05 18:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-02-05 18:08 - 2013-02-05 18:08 - 00000000 ____D C:\Program Files\VideoLAN
2013-02-05 18:07 - 2013-02-05 18:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe
2013-02-03 12:05 - 2013-02-03 12:04 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-02-03 12:05 - 2013-02-03 12:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-02-03 12:05 - 2013-02-03 12:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-02-03 12:05 - 2013-02-03 12:04 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-01-31 17:39 - 2013-01-31 17:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-01-30 23:42 - 2013-01-30 23:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk
2013-01-30 23:42 - 2013-01-30 23:42 - 00000000 ____D C:\Program Files\CdCoverCreator
2013-01-30 23:41 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe
2013-01-30 23:40 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe
2013-01-30 23:39 - 2013-01-30 23:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe
2013-01-30 23:23 - 2013-01-30 23:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload
2013-01-30 23:18 - 2013-01-30 23:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk
2013-01-30 23:18 - 2013-01-30 23:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite
2013-01-30 23:17 - 2013-01-30 23:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe
2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe
2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe
2013-01-30 16:25 - 2013-01-30 16:25 - 00000000 ____D C:\Users\urflamingo\Corel
2013-01-30 16:19 - 2013-01-30 16:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr
2013-01-30 16:18 - 2013-01-30 16:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk
2013-01-30 16:18 - 2010-11-16 16:24 - 00013880 ____A (InterVideo) C:\Windows\System32\Drivers\regi.sys
2013-01-30 16:04 - 2013-01-30 16:06 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe
2013-01-28 19:05 - 2013-01-28 19:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero
2013-01-28 19:04 - 2013-01-30 19:29 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-01-28 19:01 - 2013-01-28 19:01 - 00000000 ____D C:\Program Files\Common Files\Nero
2013-01-28 19:00 - 2013-01-28 19:03 - 00000000 ____D C:\Users\All Users\Nero
2013-01-28 18:57 - 2013-01-28 19:03 - 00000000 ____D C:\Program Files\Nero
2013-01-28 13:29 - 2013-01-28 13:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd
2013-01-25 19:30 - 2013-01-25 19:32 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon
2013-01-25 13:52 - 2013-01-25 13:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip
2013-01-22 21:21 - 2013-01-22 21:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad
2013-01-19 19:19 - 2013-01-19 19:22 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4
2013-01-19 17:41 - 2013-01-19 17:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip
2013-01-19 17:40 - 2013-02-05 18:31 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo
2013-01-19 01:30 - 2013-01-19 01:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe
2013-01-19 01:30 - 2013-01-19 01:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk
2013-01-19 01:30 - 2013-01-19 01:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder
2013-01-19 01:23 - 2013-01-19 01:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk
2013-01-19 01:23 - 2013-01-19 01:23 - 00000000 ____D C:\Program Files\PinDetective
2013-01-19 01:22 - 2013-01-19 01:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe
2013-01-19 01:21 - 2013-01-19 01:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe
2013-01-19 01:13 - 2013-01-19 01:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk
2013-01-19 01:13 - 2013-01-19 01:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot
2013-01-19 01:12 - 2013-01-19 01:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe
2013-01-18 16:28 - 2013-01-18 16:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus
2013-01-18 14:56 - 2013-01-18 14:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk
2013-01-18 14:21 - 2013-01-18 14:22 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log
2013-01-18 01:40 - 2013-01-18 01:40 - 00000000 ____D C:\Program Files\Citrix
2013-01-17 18:36 - 2013-01-17 18:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd
2013-01-17 16:33 - 2013-01-17 16:34 - 00000046 ____A C:\Windows\Speed.INI
2013-01-17 16:33 - 2013-01-17 16:34 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed
2013-01-17 15:50 - 2013-01-17 15:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX
2013-01-17 15:50 - 2013-01-17 15:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D
2013-01-14 23:21 - 2013-01-14 23:37 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam
2013-01-14 23:13 - 2013-01-14 23:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air
2013-01-14 16:25 - 2013-01-14 18:24 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php
2013-01-14 00:34 - 2013-01-14 00:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in
2013-01-14 00:34 - 2013-01-14 00:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk
2013-01-14 00:34 - 2013-01-14 00:34 - 00000000 ____D C:\Program Files\E-MailVerifier
2013-01-14 00:34 - 2010-02-02 12:30 - 00331136 ____A (Mirko Böer) C:\Windows\EMVUn.EXE
2013-01-14 00:33 - 2013-01-14 00:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in
2013-01-14 00:33 - 2013-01-14 00:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk
2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer
2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Program Files\SuperMailer
2013-01-14 00:33 - 2010-03-17 10:45 - 00331136 ____A (Mirko Böer) C:\Windows\SMUn.EXE
2013-01-13 18:05 - 2013-01-13 18:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-01-13 18:04 - 2013-01-13 18:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk
2013-01-13 18:03 - 2013-01-13 18:03 - 00000000 ____D C:\Program Files\Market Samurai
2013-01-13 17:59 - 2013-01-13 17:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air
2013-01-11 14:39 - 2013-01-11 14:40 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip
2013-01-10 14:54 - 2013-01-10 14:57 - 344471060 ____A C:\Users\urflamingo\Downloads\starter-mitglied-856024.zip
2013-01-10 14:14 - 2013-01-10 14:15 - 00276140 ____A C:\Windows\msxml4-KB2758694-enu.LOG


==================== One Month Modified Files and Folders ========

2013-02-09 20:33 - 2013-02-09 20:33 - 00000000 ___DC C:\FRST
2013-02-09 20:30 - 2008-01-21 03:47 - 20969324 ____A C:\Windows\PFRO.log
2013-02-09 20:19 - 2009-11-15 21:28 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-09 20:17 - 2009-08-13 10:31 - 00143914 ____A C:\Users\All Users\nvModes.001
2013-02-09 20:17 - 2008-09-09 03:07 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2013-02-09 20:17 - 2008-07-30 03:13 - 00000147 ____A C:\Windows\System32\agent.log
2013-02-09 20:17 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-09 20:17 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-09 20:17 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-09 18:57 - 2013-02-09 18:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip
2013-02-09 18:52 - 2012-01-19 17:46 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\PDF Software
2013-02-09 17:54 - 2012-05-29 16:33 - 00001699 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-02-09 16:43 - 2013-02-09 16:43 - 00000000 ___DC C:\_OTL
2013-02-09 16:33 - 2013-02-07 14:56 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt
2013-02-09 13:17 - 2012-12-26 20:39 - 00000338 ____A C:\Windows\Tasks\DriverScanner.job
2013-02-09 13:17 - 2009-11-15 21:28 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-09 12:43 - 2008-10-04 22:22 - 00075264 ____A C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-09 12:32 - 2013-02-09 12:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe
2013-02-09 12:31 - 2013-02-09 12:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe
2013-02-09 12:27 - 2013-02-09 12:26 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe
2013-02-08 21:14 - 2010-02-22 04:07 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\FileZilla
2013-02-08 20:34 - 2013-02-08 20:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro
2013-02-08 14:40 - 2013-02-08 14:40 - 00026095 ___AC C:\ComboFix.txt
2013-02-08 14:40 - 2013-02-08 13:43 - 00000000 ___DC C:\Qoobox
2013-02-08 14:40 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public
2013-02-08 14:38 - 2013-02-08 13:42 - 00000000 ____D C:\Windows\erdnt
2013-02-08 14:32 - 2006-11-02 11:23 - 00000215 ___AC C:\Windows\system.ini
2013-02-08 14:21 - 2008-10-04 15:09 - 00000000 ____D C:\users\urflamingo
2013-02-08 13:41 - 2013-02-08 13:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe
2013-02-08 00:02 - 2013-02-08 00:02 - 00001199 ___AC C:\AdwCleaner[R1].txt
2013-02-07 23:43 - 2012-07-31 13:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-07 23:10 - 2013-02-07 23:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe
2013-02-07 23:07 - 2013-02-07 23:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe
2013-02-07 23:06 - 2013-02-07 23:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe
2013-02-07 23:06 - 2013-02-07 23:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-07 22:54 - 2013-02-07 22:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt
2013-02-07 22:50 - 2013-02-07 22:50 - 00000000 ____D C:\Windows\ERUNT
2013-02-07 22:48 - 2013-02-07 22:48 - 00000000 ___DC C:\JRT
2013-02-07 22:47 - 2013-02-07 22:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload
2013-02-07 22:47 - 2013-02-07 22:46 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe
2013-02-07 21:25 - 2006-11-02 13:47 - 00634760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-07 21:05 - 2013-02-07 21:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt
2013-02-07 21:04 - 2013-02-07 21:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt
2013-02-07 14:57 - 2013-02-07 14:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt
2013-02-07 14:40 - 2013-02-07 14:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe
2013-02-07 14:19 - 2013-02-07 14:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe
2013-02-07 14:15 - 2013-02-07 14:14 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log
2013-02-07 14:14 - 2013-02-07 14:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable
2013-02-07 14:13 - 2013-02-07 14:12 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe
2013-02-07 01:17 - 2008-09-09 02:52 - 01770546 ____A C:\Windows\WindowsUpdate.log
2013-02-07 01:17 - 2006-11-02 14:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-07 00:22 - 2013-02-07 00:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-02-07 00:22 - 2013-02-06 21:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-07 00:11 - 2012-12-13 21:32 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-02-07 00:08 - 2012-12-12 12:50 - 00000000 ___RD C:\Users\urflamingo\Dropbox
2013-02-07 00:08 - 2012-12-12 12:45 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Dropbox
2013-02-06 23:37 - 2008-01-21 08:16 - 01673560 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes
2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-06 21:54 - 2013-02-06 21:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-06 21:49 - 2012-05-02 16:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-02-06 19:19 - 2010-11-14 23:58 - 33997193 ____A C:\Users\urflamingo\Downloads\otopaket.zip
2013-02-06 18:54 - 2013-02-06 18:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-06 18:00 - 2010-10-23 14:56 - 00000304 ____A C:\Windows\Tasks\next.job
2013-02-06 18:00 - 2009-08-03 09:23 - 00000452 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2013-02-05 20:06 - 2012-12-13 23:21 - 00000000 ____D C:\Users\urflamingo\AppData\Local\CrashDumps
2013-02-05 18:31 - 2013-02-05 18:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip
2013-02-05 18:31 - 2013-01-19 17:40 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo
2013-02-05 18:11 - 2013-02-05 18:10 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc
2013-02-05 18:09 - 2013-02-05 18:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-02-05 18:08 - 2013-02-05 18:08 - 00000000 ____D C:\Program Files\VideoLAN
2013-02-05 18:07 - 2013-02-05 18:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe
2013-02-04 23:03 - 2012-01-19 18:06 - 00000000 ____D C:\Users\urflamingo\Documents\PDF Suite 2012 Files
2013-02-04 21:14 - 2010-11-30 17:57 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2013-02-04 21:14 - 2008-07-30 02:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-02-03 12:04 - 2013-02-03 12:05 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-02-03 12:04 - 2013-02-03 12:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-02-03 12:04 - 2013-02-03 12:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-02-03 12:04 - 2013-02-03 12:05 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-02-03 12:04 - 2012-11-06 16:51 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-02-03 12:04 - 2011-07-11 11:52 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-02-03 11:56 - 2012-12-12 12:50 - 00000938 ____A C:\Users\urflamingo\Desktop\Dropbox.lnk
2013-02-03 11:55 - 2010-03-01 20:26 - 00047104 ____A C:\Users\urflamingo\AppData\Local\WebpageIcons.db
2013-01-31 17:39 - 2013-01-31 17:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-01-31 17:39 - 2012-11-09 16:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-01-31 00:37 - 2010-02-09 21:58 - 00004096 ____A C:\Users\Public\Documents\00000ED4.LCS
2013-01-30 23:42 - 2013-01-30 23:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk
2013-01-30 23:42 - 2013-01-30 23:42 - 00000000 ____D C:\Program Files\CdCoverCreator
2013-01-30 23:41 - 2013-01-30 23:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe
2013-01-30 23:41 - 2013-01-30 23:40 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe
2013-01-30 23:39 - 2013-01-30 23:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe
2013-01-30 23:23 - 2013-01-30 23:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload
2013-01-30 23:18 - 2013-01-30 23:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk
2013-01-30 23:18 - 2013-01-30 23:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite
2013-01-30 23:17 - 2013-01-30 23:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe
2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe
2013-01-30 23:14 - 2013-01-30 23:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe
2013-01-30 19:29 - 2013-01-28 19:04 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-01-30 16:46 - 2012-01-02 23:38 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Corel
2013-01-30 16:25 - 2013-01-30 16:25 - 00000000 ____D C:\Users\urflamingo\Corel
2013-01-30 16:20 - 2012-12-12 21:09 - 00000000 ____D C:\Users\All Users\Corel
2013-01-30 16:19 - 2013-01-30 16:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr
2013-01-30 16:18 - 2013-01-30 16:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk
2013-01-30 16:17 - 2012-12-12 21:00 - 00000000 ____D C:\Program Files\Corel
2013-01-30 16:06 - 2013-01-30 16:04 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe
2013-01-30 12:38 - 2009-08-03 09:23 - 00000426 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job
2013-01-28 19:05 - 2013-01-28 19:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero
2013-01-28 19:03 - 2013-01-28 19:00 - 00000000 ____D C:\Users\All Users\Nero
2013-01-28 19:03 - 2013-01-28 18:57 - 00000000 ____D C:\Program Files\Nero
2013-01-28 19:01 - 2013-01-28 19:01 - 00000000 ____D C:\Program Files\Common Files\Nero
2013-01-28 16:31 - 2012-02-16 17:39 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX
2013-01-28 13:29 - 2013-01-28 13:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd
2013-01-25 19:32 - 2013-01-25 19:30 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon
2013-01-25 13:52 - 2013-01-25 13:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip
2013-01-22 23:10 - 2010-11-28 16:00 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Audacity
2013-01-22 21:21 - 2013-01-22 21:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad
2013-01-20 15:41 - 2012-12-12 21:22 - 00000000 ____D C:\Users\All Users\SmartSound Software Inc
2013-01-19 19:22 - 2013-01-19 19:19 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4
2013-01-19 17:41 - 2013-01-19 17:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip
2013-01-19 01:42 - 2010-05-31 17:08 - 00000206 ____A C:\Windows\EurekaLog.ini
2013-01-19 01:30 - 2013-01-19 01:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe
2013-01-19 01:30 - 2013-01-19 01:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk
2013-01-19 01:30 - 2013-01-19 01:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder
2013-01-19 01:23 - 2013-01-19 01:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk
2013-01-19 01:23 - 2013-01-19 01:23 - 00000000 ____D C:\Program Files\PinDetective
2013-01-19 01:22 - 2013-01-19 01:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe
2013-01-19 01:21 - 2013-01-19 01:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe
2013-01-19 01:13 - 2013-01-19 01:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk
2013-01-19 01:13 - 2013-01-19 01:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot
2013-01-19 01:12 - 2013-01-19 01:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe
2013-01-18 22:51 - 2009-08-06 21:00 - 00000000 ____D C:\Users\urflamingo\Documents\Camtasia Studio
2013-01-18 16:28 - 2013-01-18 16:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus
2013-01-18 14:58 - 2008-10-19 20:55 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\AVS4YOU
2013-01-18 14:57 - 2008-10-19 20:51 - 00000000 ____D C:\Program Files\AVS4YOU
2013-01-18 14:56 - 2013-01-18 14:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk
2013-01-18 14:22 - 2013-01-18 14:21 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log
2013-01-18 14:22 - 2009-08-01 19:08 - 00000000 ____D C:\Program Files\Java
2013-01-18 01:40 - 2013-01-18 01:40 - 00000000 ____D C:\Program Files\Citrix
2013-01-17 18:36 - 2013-01-17 18:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd
2013-01-17 16:34 - 2013-01-17 16:33 - 00000046 ____A C:\Windows\Speed.INI
2013-01-17 16:34 - 2013-01-17 16:33 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed
2013-01-17 15:50 - 2013-01-17 15:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX
2013-01-17 15:50 - 2013-01-17 15:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D
2013-01-17 15:49 - 2012-12-12 23:03 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Ulead Systems
2013-01-16 16:18 - 2010-06-27 19:33 - 00007592 ____A C:\Users\urflamingo\AppData\Local\d3d9caps.dat
2013-01-15 19:54 - 2012-03-19 12:57 - 00000000 ____D C:\Program Files\McAfee
2013-01-14 23:37 - 2013-01-14 23:21 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam
2013-01-14 23:23 - 2010-05-05 17:28 - 00322760 ___AH C:\Windows\System32\mlfcache.dat
2013-01-14 23:13 - 2013-01-14 23:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air
2013-01-14 18:24 - 2013-01-14 16:25 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php
2013-01-14 13:43 - 2009-08-13 08:14 - 00143914 ____A C:\Users\All Users\nvModes.dat
2013-01-14 00:34 - 2013-01-14 00:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in
2013-01-14 00:34 - 2013-01-14 00:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk
2013-01-14 00:34 - 2013-01-14 00:34 - 00000000 ____D C:\Program Files\E-MailVerifier
2013-01-14 00:33 - 2013-01-14 00:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in
2013-01-14 00:33 - 2013-01-14 00:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk
2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer
2013-01-14 00:33 - 2013-01-14 00:33 - 00000000 ____D C:\Program Files\SuperMailer
2013-01-13 18:05 - 2013-01-13 18:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-01-13 18:04 - 2013-01-13 18:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk
2013-01-13 18:03 - 2013-01-13 18:03 - 00000000 ____D C:\Program Files\Market Samurai
2013-01-13 17:59 - 2013-01-13 17:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air
2013-01-11 16:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-11 14:40 - 2013-01-11 14:39 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip
2013-01-10 14:57 - 2013-01-10 14:54 - 344471060 ____A C:\Users\urflamingo\Downloads\starter-mitglied-856024.zip
2013-01-10 14:33 - 2006-11-02 11:23 - 00000275 ____A C:\Windows\win.ini
2013-01-10 14:15 - 2013-01-10 14:14 - 00276140 ____A C:\Windows\msxml4-KB2758694-enu.LOG
2013-01-10 13:48 - 2006-11-02 11:24 - 65273848 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 12:25] - [2012-08-21 12:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3065.94 MB
Available physical RAM: 2485.23 MB
Total Pagefile: 10929.88 MB
Available Pagefile: 10573.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.89 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:35.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:178.85 GB) (Free:100.95 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:140.5 GB) (Free:86.21 GB) NTFS
4 Drive f: () (Removable) (Total:3.84 GB) (Free:1.67 GB) FAT32
6 Drive h: (DATA) (Fixed) (Total:59.65 GB) (Free:55.37 GB) NTFS
7 Drive i: () (Removable) (Total:3.69 GB) (Free:3.23 GB) FAT32
8 Drive j: (DATA) (Fixed) (Total:59.58 GB) (Free:59.49 GB) NTFS

Datenträger ### Status Größe Frei Dyn GPT
-------- ---------- ------- ------- --- ---
0 Online 298 GB 0 B
1 Online 298 GB 0 B
2 Online 3782 MB 0 B
3 Online 3935 MB 0 B



Last Boot: 2013-02-09 18:05

==================== End Of Log ============================

Have you already had these?

I had started the file
from the desktop via .... Run.

At first I had entered the command in the repair panel. But there I got the error message:

... is not required as an internal or external command

What could I have done wrong?

A normal start unfortunately still does not work.

I had not yet noticed that the thread had wrapped onto page 2. Hence the repeated posting.

Please take another look at the procedure description for FRST. I somehow can't make sense of it.

After "Command Prompt" a system screen opens.
There I type "notepad" and a new file opens in Notepad.

And what happens now? Do I have to enter something there? Or is the only purpose of the whole thing with "Save as" to find out the drive letter? Should I save an empty file here? If so, under what name?

If it was all just about the drive letter: how does it continue after "close Notepad"? Where should I enter F:\FRST.exe?

By the way, the complete system response in Command Prompt was: ".. is not recognized as an internal or external command, operable program or batch"

Do you have any other idea?

Regards, urflamingo

10.02.2013, 12:35   #14
M-K-D-B
/// TB-Ausbilder
 



Hi,


typing notepad at the command prompt only serves to determine the drive letter that belongs to the USB stick.

According to the posted log file, your USB stick is drive F: !

I will now try to make the instructions a bit clearer, because I think you did not run FRST correctly.

Please read carefully:

  1. Make sure that FRST.exe is on the USB stick (not inside a folder!)
  2. Plug the USB stick with FRST into the computer and start the machine.
  3. Press F8 several times to reach the advanced boot menu
  4. There, select Repair Your Computer
  5. Select the keyboard layout and log on with your user name.
  6. Under Choose a recovery tool, select Command Prompt. A black "input window" opens.
  7. Type F:\FRST.exe and press Enter
    If you get an error message, you can try other drive letters such as E: or G: instead of F:.
  8. A notice about FRST (disclaimer) will appear. Confirm it with Yes, and you will then see the FRST window. Click Scan here.
  9. You will get a message that the scan has finished. Close FRST and the command window, and shut down the computer.
  10. Boot into Safe Mode with Networking and open your USB stick. Next to FRST.exe there is now an FRST.txt.
  11. Please post its contents here.

10.02.2013, 13:35   #15
urflamingo
 



Hello Matthias,

thank you, thank you for sticking with this even on the weekend!

The reactions of computers are sometimes unfathomable.

Before, too, I had done everything exactly as described. So the previously mentioned error message came up again: "... is not recognized as .....command, operable program or batch"

Then a thought occurred to me. I plugged the stick into my other USB port, where the printer had been before. Now "G" appeared as the drive. And suddenly it worked!

Here is the content of

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2013
Ran by SYSTEM at 10-02-2013 13:08:21
Running from G:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [167936 2008-07-18] (Acer Corp.)
HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~2\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-12] (Hewlett-Packard)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278648 2012-09-12] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM\...\Run: [CorelCreatorClient] C:\Program Files\Corel\Corel PDF Fusion\CorelCreatorClient.exe [667648 2012-04-25] (Global Graphics Software Ltd.)
HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\urflamingo\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-10-04] (Google Inc.)
HKU\urflamingo\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\urflamingo\...\Run: [SMASH] "C:\Program Files\SoftMaker Office Professional 2012 (Trial)\smash.exe" [233507 2012-05-07] (SoftMaker Software GmbH)
HKU\urflamingo\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\urflamingo\...\Run: [DriverScanner] "C:\PROGRA~1\Uniblue\DRIVER~1\launcher.exe" delay 20000 [338296 2011-10-20] (Uniblue Systems Limited)
HKLM\...\RunOnce: [OTL] "C:\Users\urflamingo\Downloads\OTL.exe" [602112 2013-02-07] (OldTimer Tools)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [356352 2006-12-27] (AVM Berlin)
2 BUNAgentSvc; "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [16384 2008-03-03] (NewTech Infosystems, Inc.)
2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
2 CloudBerry Backup Service; "C:\Program Files\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe" [32256 2012-03-02] (CloudBerry Lab Inc.)
3 CorelCreatorMessages; "C:\Windows\system32\CorelCreatorMessages.exe" [73728 2012-04-25] (Global Graphics Software Ltd)
2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-01] ()
2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [1840128 2011-05-24] (MAGIX AG)
3 FirebirdServerMAGIXInstance; "C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe" [2702848 2011-04-26] (MAGIX®)
2 gupdate1ca6630c49e7455; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-11-15] (Google Inc.)
2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2008-09-08] ()
2 LanmanWorkstation; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-20] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe" [234776 2012-10-26] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [279048 2012-11-16] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [203400 2012-11-08] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [168880 2012-11-08] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [167344 2012-11-08] (McAfee, Inc.)
2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-12-06] ()
2 MOBKbackup; "C:\Program Files\McAfee Online Backup\MOBKbackup.exe" [229688 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [769432 2012-07-13] (Nero AG)
2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
3 PDF Suite 2012 Helper Service; "C:\Program Files\PDF Suite 2012\HelperService.exe" [813960 2011-12-07] (Interactive Brands Inc.)
2 PDF Suite 2012 Service; "C:\Program Files\PDF Suite 2012\ConversionService.exe" [886664 2011-12-07] (Interactive Brands Inc.)
2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)
3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x]

==================== Drivers (Whitelisted) ====================

2 acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH)
3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-09-08] (Alfa Corporation)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [31576 2013-01-30] (AVG Technologies)
3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2006-12-27] (AVM Berlin)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-11-08] (McAfee, Inc.)
3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2009-03-28] (DemoForge, LLC)
3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2006-12-27] (AVM GmbH)
3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [100736 2009-06-22] (Huawei Technologies Co., Ltd.)
2 int15; \??\C:\Windows\system32\drivers\int15.sys [69632 2007-01-25] ()
3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47104 2008-05-19] (Atheros Communications, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [64832 2012-09-14] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [132912 2012-11-08] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [234824 2012-11-08] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65488 2012-11-08] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [362640 2012-11-08] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565352 2012-11-08] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-11-08] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210136 2012-11-08] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
2 regi; \??\C:\Windows\system32\drivers\regi.sys [13880 2010-11-16] (InterVideo)
3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation)
2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz132; \??\C:\Users\URFLAM~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-02-09 09:57 - 2013-02-09 09:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip
2013-02-09 07:43 - 2013-02-09 07:43 - 00000000 ___DC C:\_OTL
2013-02-09 03:32 - 2013-02-09 03:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe
2013-02-09 03:31 - 2013-02-09 03:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe
2013-02-09 03:26 - 2013-02-09 03:27 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe
2013-02-08 11:34 - 2013-02-08 11:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro
2013-02-08 05:40 - 2013-02-08 05:40 - 00026095 ___AC C:\ComboFix.txt
2013-02-08 04:54 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-02-08 04:54 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-02-08 04:54 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-02-08 04:54 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-02-08 04:54 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-02-08 04:54 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-02-08 04:54 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-02-08 04:54 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-02-08 04:43 - 2013-02-08 05:40 - 00000000 ___DC C:\Qoobox
2013-02-08 04:42 - 2013-02-08 05:38 - 00000000 ____D C:\Windows\erdnt
2013-02-08 04:41 - 2013-02-08 04:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe
2013-02-07 15:02 - 2013-02-07 15:02 - 00001199 ___AC C:\AdwCleaner[R1].txt
2013-02-07 14:10 - 2013-02-07 14:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe
2013-02-07 14:07 - 2013-02-07 14:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe
2013-02-07 14:06 - 2013-02-07 14:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe
2013-02-07 14:06 - 2013-02-07 14:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-07 13:54 - 2013-02-07 13:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt
2013-02-07 13:50 - 2013-02-07 13:50 - 00000000 ____D C:\Windows\ERUNT
2013-02-07 13:48 - 2013-02-07 13:48 - 00000000 ___DC C:\JRT
2013-02-07 13:47 - 2013-02-07 13:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload
2013-02-07 13:46 - 2013-02-07 13:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe
2013-02-07 12:05 - 2013-02-07 12:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt
2013-02-07 12:04 - 2013-02-07 12:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt
2013-02-07 05:57 - 2013-02-07 05:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt
2013-02-07 05:56 - 2013-02-09 07:33 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt
2013-02-07 05:40 - 2013-02-07 05:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe
2013-02-07 05:19 - 2013-02-07 05:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe
2013-02-07 05:14 - 2013-02-07 05:15 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log
2013-02-07 05:14 - 2013-02-07 05:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable
2013-02-07 05:12 - 2013-02-07 05:13 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe
2013-02-06 15:22 - 2013-02-06 15:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-02-06 15:21 - 2012-12-14 07:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-02-06 12:56 - 2013-02-06 15:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-06 12:56 - 2013-02-06 12:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes
2013-02-06 12:56 - 2013-02-06 12:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-06 12:54 - 2013-02-06 12:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-06 09:51 - 2013-02-06 09:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-05 09:31 - 2013-02-05 09:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip
2013-02-05 09:10 - 2013-02-05 09:11 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc
2013-02-05 09:09 - 2013-02-05 09:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-02-05 09:08 - 2013-02-05 09:08 - 00000000 ____D C:\Program Files\VideoLAN
2013-02-05 09:07 - 2013-02-05 09:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe
2013-02-03 03:05 - 2013-02-03 03:04 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-02-03 03:05 - 2013-02-03 03:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-02-03 03:05 - 2013-02-03 03:04 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-02-03 03:05 - 2013-02-03 03:04 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-01-31 08:39 - 2013-01-31 08:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-01-30 14:42 - 2013-01-30 14:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk
2013-01-30 14:42 - 2013-01-30 14:42 - 00000000 ____D C:\Program Files\CdCoverCreator
2013-01-30 14:41 - 2013-01-30 14:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe
2013-01-30 14:40 - 2013-01-30 14:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe
2013-01-30 14:39 - 2013-01-30 14:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe
2013-01-30 14:23 - 2013-01-30 14:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload
2013-01-30 14:18 - 2013-01-30 14:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk
2013-01-30 14:18 - 2013-01-30 14:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite
2013-01-30 14:17 - 2013-01-30 14:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe
2013-01-30 14:14 - 2013-01-30 14:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe
2013-01-30 14:14 - 2013-01-30 14:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe
2013-01-30 07:25 - 2013-01-30 07:25 - 00000000 ____D C:\Users\urflamingo\Corel
2013-01-30 07:19 - 2013-01-30 07:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr
2013-01-30 07:18 - 2013-01-30 07:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk
2013-01-30 07:18 - 2010-11-16 07:24 - 00013880 ____A (InterVideo) C:\Windows\System32\Drivers\regi.sys
2013-01-30 07:04 - 2013-01-30 07:06 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe
2013-01-28 10:05 - 2013-01-28 10:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero
2013-01-28 10:04 - 2013-01-30 10:29 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-01-28 10:01 - 2013-01-28 10:01 - 00000000 ____D C:\Program Files\Common Files\Nero
2013-01-28 10:00 - 2013-01-28 10:03 - 00000000 ____D C:\Users\All Users\Nero
2013-01-28 09:57 - 2013-01-28 10:03 - 00000000 ____D C:\Program Files\Nero
2013-01-28 04:29 - 2013-01-28 04:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd
2013-01-25 10:30 - 2013-01-25 10:32 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon
2013-01-25 04:52 - 2013-01-25 04:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip
2013-01-22 12:21 - 2013-01-22 12:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad
2013-01-19 10:19 - 2013-01-19 10:22 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4
2013-01-19 08:41 - 2013-01-19 08:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip
2013-01-19 08:40 - 2013-02-05 09:31 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo
2013-01-18 16:30 - 2013-01-18 16:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe
2013-01-18 16:30 - 2013-01-18 16:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk
2013-01-18 16:30 - 2013-01-18 16:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder
2013-01-18 16:23 - 2013-01-18 16:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk
2013-01-18 16:23 - 2013-01-18 16:23 - 00000000 ____D C:\Program Files\PinDetective
2013-01-18 16:22 - 2013-01-18 16:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe
2013-01-18 16:21 - 2013-01-18 16:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe
2013-01-18 16:13 - 2013-01-18 16:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk
2013-01-18 16:13 - 2013-01-18 16:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot
2013-01-18 16:12 - 2013-01-18 16:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe
2013-01-18 07:28 - 2013-01-18 07:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus
2013-01-18 05:56 - 2013-01-18 05:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk
2013-01-18 05:21 - 2013-01-18 05:22 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log
2013-01-17 16:40 - 2013-01-17 16:40 - 00000000 ____D C:\Program Files\Citrix
2013-01-17 09:36 - 2013-01-17 09:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd
2013-01-17 07:33 - 2013-01-17 07:34 - 00000046 ____A C:\Windows\Speed.INI
2013-01-17 07:33 - 2013-01-17 07:34 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed
2013-01-17 06:50 - 2013-01-17 06:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX
2013-01-17 06:50 - 2013-01-17 06:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D
2013-01-14 14:21 - 2013-01-14 14:37 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam
2013-01-14 14:13 - 2013-01-14 14:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air
2013-01-14 07:25 - 2013-01-14 09:24 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php
2013-01-13 15:34 - 2013-01-13 15:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in
2013-01-13 15:34 - 2013-01-13 15:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk
2013-01-13 15:34 - 2013-01-13 15:34 - 00000000 ____D C:\Program Files\E-MailVerifier
2013-01-13 15:34 - 2010-02-02 03:30 - 00331136 ____A (Mirko Böer) C:\Windows\EMVUn.EXE
2013-01-13 15:33 - 2013-01-13 15:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in
2013-01-13 15:33 - 2013-01-13 15:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk
2013-01-13 15:33 - 2013-01-13 15:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer
2013-01-13 15:33 - 2013-01-13 15:33 - 00000000 ____D C:\Program Files\SuperMailer
2013-01-13 15:33 - 2010-03-17 01:45 - 00331136 ____A (Mirko Böer) C:\Windows\SMUn.EXE
2013-01-13 09:05 - 2013-01-13 09:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-01-13 09:04 - 2013-01-13 09:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk
2013-01-13 09:03 - 2013-01-13 09:03 - 00000000 ____D C:\Program Files\Market Samurai
2013-01-13 08:59 - 2013-01-13 08:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air
2013-01-11 05:39 - 2013-01-11 05:40 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip


==================== One Month Modified Files and Folders ========

2013-02-10 03:24 - 2012-05-29 07:33 - 00001699 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-02-10 03:18 - 2008-01-20 18:47 - 20971084 ____A C:\Windows\PFRO.log
2013-02-10 03:08 - 2009-08-13 01:31 - 00143914 ____A C:\Users\All Users\nvModes.001
2013-02-10 03:08 - 2008-09-08 18:07 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2013-02-10 03:08 - 2008-07-29 18:13 - 00000147 ____A C:\Windows\System32\agent.log
2013-02-10 03:08 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-10 03:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-10 03:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-09 13:18 - 2010-06-27 10:33 - 00008268 ____A C:\Users\urflamingo\AppData\Local\d3d9caps.dat
2013-02-09 12:49 - 2012-01-19 08:46 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\PDF Software
2013-02-09 11:33 - 2013-02-09 11:33 - 00000000 ___DC C:\FRST
2013-02-09 11:19 - 2009-11-15 12:28 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-09 09:57 - 2013-02-09 09:57 - 00042254 ____A C:\Users\urflamingo\Downloads\Aktivierungshinweise_Gold_Mitgliedschaft.zip
2013-02-09 07:43 - 2013-02-09 07:43 - 00000000 ___DC C:\_OTL
2013-02-09 07:33 - 2013-02-07 05:56 - 00157902 ____A C:\Users\urflamingo\Downloads\OTL.Txt
2013-02-09 04:17 - 2012-12-26 11:39 - 00000338 ____A C:\Windows\Tasks\DriverScanner.job
2013-02-09 04:17 - 2009-11-15 12:28 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-09 03:43 - 2008-10-04 13:22 - 00075264 ____A C:\Users\urflamingo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-09 03:32 - 2013-02-09 03:32 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller (1).exe
2013-02-09 03:31 - 2013-02-09 03:31 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\urflamingo\Downloads\tdsskiller.exe
2013-02-09 03:27 - 2013-02-09 03:26 - 04732416 ____A (AVAST Software) C:\Users\urflamingo\Downloads\aswMBR.exe
2013-02-08 12:14 - 2010-02-21 19:07 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\FileZilla
2013-02-08 11:34 - 2013-02-08 11:34 - 00000000 ____D C:\Users\urflamingo\Downloads\covertplayer_pro
2013-02-08 05:40 - 2013-02-08 05:40 - 00026095 ___AC C:\ComboFix.txt
2013-02-08 05:40 - 2013-02-08 04:43 - 00000000 ___DC C:\Qoobox
2013-02-08 05:40 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-02-08 05:38 - 2013-02-08 04:42 - 00000000 ____D C:\Windows\erdnt
2013-02-08 05:32 - 2006-11-02 02:23 - 00000215 ___AC C:\Windows\system.ini
2013-02-08 05:21 - 2008-10-04 06:09 - 00000000 ____D C:\users\urflamingo
2013-02-08 04:41 - 2013-02-08 04:41 - 05030592 ___RA (Swearware) C:\Users\urflamingo\Downloads\ComboFix.exe
2013-02-07 15:02 - 2013-02-07 15:02 - 00001199 ___AC C:\AdwCleaner[R1].txt
2013-02-07 14:43 - 2012-07-31 04:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-07 14:10 - 2013-02-07 14:10 - 00582209 ____A C:\Users\urflamingo\Downloads\adwcleaner.exe
2013-02-07 14:07 - 2013-02-07 14:07 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE(1).exe
2013-02-07 14:06 - 2013-02-07 14:06 - 28181408 ____A (TuneUp Software) C:\Users\urflamingo\Downloads\TuneUpUtilities2013_de-DE.exe
2013-02-07 14:06 - 2013-02-07 14:06 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-07 13:54 - 2013-02-07 13:54 - 00060754 ____A C:\Users\urflamingo\Desktop\JRT.txt
2013-02-07 13:50 - 2013-02-07 13:50 - 00000000 ____D C:\Windows\ERUNT
2013-02-07 13:48 - 2013-02-07 13:48 - 00000000 ___DC C:\JRT
2013-02-07 13:47 - 2013-02-07 13:47 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\Nicht bestätigt 518278.crdownload
2013-02-07 13:47 - 2013-02-07 13:46 - 00547275 ____A (Oleg N. Scherbakov) C:\Users\urflamingo\Downloads\JRT.exe
2013-02-07 12:25 - 2006-11-02 04:47 - 00634760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-07 12:05 - 2013-02-07 12:05 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1 (1).txt
2013-02-07 12:04 - 2013-02-07 12:04 - 00080828 ____A C:\Users\urflamingo\Downloads\OTLTeil1.txt
2013-02-07 05:57 - 2013-02-07 05:57 - 00097512 ____A C:\Users\urflamingo\Downloads\Extras.Txt
2013-02-07 05:40 - 2013-02-07 05:40 - 00365568 ____A C:\Users\urflamingo\Downloads\gmer_2.0.18454.exe
2013-02-07 05:19 - 2013-02-07 05:19 - 00602112 ____A (OldTimer Tools) C:\Users\urflamingo\Downloads\OTL.exe
2013-02-07 05:15 - 2013-02-07 05:14 - 00000482 ____A C:\Users\urflamingo\Downloads\defogger_disable.log
2013-02-07 05:14 - 2013-02-07 05:14 - 00000000 ____A C:\Users\urflamingo\defogger_reenable
2013-02-07 05:13 - 2013-02-07 05:12 - 00050477 ____A C:\Users\urflamingo\Downloads\Defogger.exe
2013-02-06 16:17 - 2008-09-08 17:52 - 01770546 ____A C:\Windows\WindowsUpdate.log
2013-02-06 16:17 - 2006-11-02 05:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-06 15:22 - 2013-02-06 15:22 - 00000870 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-02-06 15:22 - 2013-02-06 12:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-06 15:11 - 2012-12-13 12:32 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-02-06 15:08 - 2012-12-12 03:50 - 00000000 ___RD C:\Users\urflamingo\Dropbox
2013-02-06 15:08 - 2012-12-12 03:45 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Dropbox
2013-02-06 14:37 - 2008-01-20 23:16 - 01673560 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-06 12:56 - 2013-02-06 12:56 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Malwarebytes
2013-02-06 12:56 - 2013-02-06 12:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-06 12:54 - 2013-02-06 12:54 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\urflamingo\Downloads\mbam-setup-1.70.0.1100.exe
2013-02-06 12:49 - 2012-05-02 07:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-02-06 10:19 - 2010-11-14 14:58 - 33997193 ____A C:\Users\urflamingo\Downloads\otopaket.zip
2013-02-06 09:54 - 2013-02-06 09:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-06 09:00 - 2010-10-23 05:56 - 00000304 ____A C:\Windows\Tasks\next.job
2013-02-06 09:00 - 2009-08-03 00:23 - 00000452 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2013-02-05 11:06 - 2012-12-13 14:21 - 00000000 ____D C:\Users\urflamingo\AppData\Local\CrashDumps
2013-02-05 09:31 - 2013-02-05 09:31 - 00351281 ____A C:\Users\urflamingo\Downloads\covertplayer_pro.zip
2013-02-05 09:31 - 2013-01-19 08:40 - 00000000 ____D C:\Users\urflamingo\Downloads\JVZoo
2013-02-05 09:11 - 2013-02-05 09:10 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\vlc
2013-02-05 09:09 - 2013-02-05 09:09 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-02-05 09:08 - 2013-02-05 09:08 - 00000000 ____D C:\Program Files\VideoLAN
2013-02-05 09:07 - 2013-02-05 09:07 - 22916830 ____A C:\Users\urflamingo\Downloads\vlc-2.0.5-win32.exe
2013-02-04 14:03 - 2012-01-19 09:06 - 00000000 ____D C:\Users\urflamingo\Documents\PDF Suite 2012 Files
2013-02-04 12:14 - 2010-11-30 08:57 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2013-02-04 12:14 - 2008-07-29 17:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-02-03 03:04 - 2013-02-03 03:05 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-02-03 03:04 - 2013-02-03 03:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-02-03 03:04 - 2013-02-03 03:05 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-02-03 03:04 - 2013-02-03 03:05 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-02-03 03:04 - 2012-11-06 07:51 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-02-03 03:04 - 2011-07-11 02:52 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-02-03 02:56 - 2012-12-12 03:50 - 00000938 ____A C:\Users\urflamingo\Desktop\Dropbox.lnk
2013-02-03 02:55 - 2010-03-01 11:26 - 00047104 ____A C:\Users\urflamingo\AppData\Local\WebpageIcons.db
2013-01-31 08:39 - 2013-01-31 08:39 - 00001875 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-01-31 08:39 - 2012-11-09 07:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-01-30 15:37 - 2010-02-09 12:58 - 00004096 ____A C:\Users\Public\Documents\00000ED4.LCS
2013-01-30 14:42 - 2013-01-30 14:42 - 00000840 ____A C:\Users\urflamingo\Desktop\CdCoverCreator.lnk
2013-01-30 14:42 - 2013-01-30 14:42 - 00000000 ____D C:\Program Files\CdCoverCreator
2013-01-30 14:41 - 2013-01-30 14:41 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3 (1).exe
2013-01-30 14:41 - 2013-01-30 14:40 - 02831657 ____A C:\Users\urflamingo\Downloads\CdCoverCreator-Setup-2.5.3.exe
2013-01-30 14:39 - 2013-01-30 14:39 - 00970480 ____A C:\Users\urflamingo\Downloads\setup (3).exe
2013-01-30 14:23 - 2013-01-30 14:23 - 00581184 ____A (www.download-sponsor.de) C:\Users\urflamingo\Downloads\Nicht bestätigt 154015.crdownload
2013-01-30 14:18 - 2013-01-30 14:18 - 00000756 ____A C:\Users\urflamingo\Desktop\MiPony.lnk
2013-01-30 14:18 - 2013-01-30 14:18 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\DSite
2013-01-30 14:17 - 2013-01-30 14:17 - 00663824 ____A C:\Users\urflamingo\Downloads\DownloadAcceleratorSetup.exe
2013-01-30 14:14 - 2013-01-30 14:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c.exe
2013-01-30 14:14 - 2013-01-30 14:14 - 00284064 ____A C:\Users\urflamingo\Downloads\zipper_V.6827832c (1).exe
2013-01-30 10:29 - 2013-01-28 10:04 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-01-30 07:46 - 2012-01-02 14:38 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Corel
2013-01-30 07:25 - 2013-01-30 07:25 - 00000000 ____D C:\Users\urflamingo\Corel
2013-01-30 07:20 - 2012-12-12 12:09 - 00000000 ____D C:\Users\All Users\Corel
2013-01-30 07:19 - 2013-01-30 07:19 - 00000040 ___AH C:\Windows\System32\ivireg.ivr
2013-01-30 07:18 - 2013-01-30 07:18 - 00001734 ____A C:\Users\Public\Desktop\Corel WinDVD Pro 11.lnk
2013-01-30 07:17 - 2012-12-12 12:00 - 00000000 ____D C:\Program Files\Corel
2013-01-30 07:06 - 2013-01-30 07:04 - 123908088 ____A (Acresso Software Inc.) C:\Users\urflamingo\Downloads\WinDVD11_Pro_TBYB.exe
2013-01-30 03:38 - 2009-08-03 00:23 - 00000426 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job
2013-01-28 10:05 - 2013-01-28 10:05 - 00000000 ____D C:\Users\urflamingo\Documents\Nero
2013-01-28 10:03 - 2013-01-28 10:00 - 00000000 ____D C:\Users\All Users\Nero
2013-01-28 10:03 - 2013-01-28 09:57 - 00000000 ____D C:\Program Files\Nero
2013-01-28 10:01 - 2013-01-28 10:01 - 00000000 ____D C:\Program Files\Common Files\Nero
2013-01-28 07:31 - 2012-02-16 08:39 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX
2013-01-28 04:29 - 2013-01-28 04:29 - 00803471 ____A C:\Users\urflamingo\Downloads\label.psd
2013-01-25 10:32 - 2013-01-25 10:30 - 00000000 ____D C:\Users\urflamingo\Downloads\WP Plugins Chrisler Azon
2013-01-25 04:52 - 2013-01-25 04:52 - 08507373 ____A C:\Users\urflamingo\Downloads\pitch_me_your_idea_2003_2493.zip
2013-01-22 14:10 - 2010-11-28 07:00 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Audacity
2013-01-22 12:21 - 2013-01-22 12:21 - 00000000 ____D C:\Users\urflamingo\Documents\Recordpad
2013-01-20 06:41 - 2012-12-12 12:22 - 00000000 ____D C:\Users\All Users\SmartSound Software Inc
2013-01-19 10:22 - 2013-01-19 10:19 - 90257957 ____A C:\Users\urflamingo\Downloads\LeadGenTsunami.mp4
2013-01-19 08:41 - 2013-01-19 08:41 - 03041739 ____A C:\Users\urflamingo\Downloads\quiz2.zip
2013-01-18 16:42 - 2010-05-31 08:08 - 00000206 ____A C:\Windows\EurekaLog.ini
2013-01-18 16:30 - 2013-01-18 16:30 - 01864128 ____A ( ) C:\Users\urflamingo\Downloads\MiracleSqueezePageBuilder.exe
2013-01-18 16:30 - 2013-01-18 16:30 - 00001799 ____A C:\Users\Public\Desktop\Miracle Squeeze Page Builder .lnk
2013-01-18 16:30 - 2013-01-18 16:30 - 00000000 ____D C:\Program Files\Miracle Squeeze Page Builder
2013-01-18 16:23 - 2013-01-18 16:23 - 00000841 ____A C:\Users\urflamingo\Desktop\PinDetective v1.2.lnk
2013-01-18 16:23 - 2013-01-18 16:23 - 00000000 ____D C:\Program Files\PinDetective
2013-01-18 16:22 - 2013-01-18 16:22 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2(1).exe
2013-01-18 16:21 - 2013-01-18 16:21 - 00422659 ____A ( ) C:\Users\urflamingo\Downloads\PinDetective-Setupv1-2.exe
2013-01-18 16:13 - 2013-01-18 16:13 - 00001069 ____A C:\Users\urflamingo\Desktop\PinAutomation - Affiliate Robot v1.2.lnk
2013-01-18 16:13 - 2013-01-18 16:13 - 00000000 ____D C:\Program Files\PinAutomation - Affiliate Robot
2013-01-18 16:12 - 2013-01-18 16:12 - 00398725 ____A ( ) C:\Users\urflamingo\Downloads\AffiliateRobot-Setup.exe
2013-01-18 13:51 - 2009-08-06 12:00 - 00000000 ____D C:\Users\urflamingo\Documents\Camtasia Studio
2013-01-18 07:28 - 2013-01-18 07:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Video_deluxe_15_Plus
2013-01-18 05:58 - 2008-10-19 11:55 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\AVS4YOU
2013-01-18 05:57 - 2008-10-19 11:51 - 00000000 ____D C:\Program Files\AVS4YOU
2013-01-18 05:56 - 2013-01-18 05:56 - 00000970 ____A C:\Users\urflamingo\Desktop\AVS Video ReMaker.lnk
2013-01-18 05:22 - 2013-01-18 05:21 - 00004555 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log
2013-01-18 05:22 - 2009-08-01 10:08 - 00000000 ____D C:\Program Files\Java
2013-01-17 16:40 - 2013-01-17 16:40 - 00000000 ____D C:\Program Files\Citrix
2013-01-17 09:36 - 2013-01-17 09:36 - 00029053 ____A C:\Users\urflamingo\Documents\Versuch1.ffd
2013-01-17 07:34 - 2013-01-17 07:33 - 00000046 ____A C:\Windows\Speed.INI
2013-01-17 07:34 - 2013-01-17 07:33 - 00000000 ____D C:\Users\urflamingo\Documents\MAGIX Speed
2013-01-17 06:50 - 2013-01-17 06:50 - 00000024 ____A C:\Windows\System32\DKRNL.JAX
2013-01-17 06:50 - 2013-01-17 06:50 - 00000000 ____D C:\Users\urflamingo\Documents\Corel MotionStudio 3D
2013-01-17 06:49 - 2012-12-12 14:03 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\Ulead Systems
2013-01-15 10:54 - 2012-03-19 03:57 - 00000000 ____D C:\Program Files\McAfee
2013-01-14 14:37 - 2013-01-14 14:21 - 00024576 ____A C:\Users\urflamingo\Documents\verguetungssysteme.dsam
2013-01-14 14:23 - 2010-05-05 08:28 - 00322760 ___AH C:\Windows\System32\mlfcache.dat
2013-01-14 14:13 - 2013-01-14 14:13 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42 (1).air
2013-01-14 09:24 - 2013-01-14 07:25 - 00005132 ____A C:\Users\urflamingo\Downloads\sitescripts.php
2013-01-14 04:43 - 2009-08-12 23:14 - 00143914 ____A C:\Users\All Users\nvModes.dat
2013-01-13 15:34 - 2013-01-13 15:34 - 00002269 ____R C:\Windows\E-MailVerifier_Uninstall.in
2013-01-13 15:34 - 2013-01-13 15:34 - 00000715 ____A C:\Users\urflamingo\Desktop\E-MailVerifier.lnk
2013-01-13 15:34 - 2013-01-13 15:34 - 00000000 ____D C:\Program Files\E-MailVerifier
2013-01-13 15:33 - 2013-01-13 15:33 - 00003306 ____R C:\Windows\SuperMailer_Uninstall.in
2013-01-13 15:33 - 2013-01-13 15:33 - 00000695 ____A C:\Users\urflamingo\Desktop\SuperMailer.lnk
2013-01-13 15:33 - 2013-01-13 15:33 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\SuperMailer
2013-01-13 15:33 - 2013-01-13 15:33 - 00000000 ____D C:\Program Files\SuperMailer
2013-01-13 09:05 - 2013-01-13 09:05 - 00000000 ____D C:\Users\urflamingo\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-01-13 09:04 - 2013-01-13 09:04 - 00000776 ____A C:\Users\Public\Desktop\Market Samurai.lnk
2013-01-13 09:03 - 2013-01-13 09:03 - 00000000 ____D C:\Program Files\Market Samurai
2013-01-13 08:59 - 2013-01-13 08:59 - 03818253 ____A C:\Users\urflamingo\Downloads\MarketSamurai.0.92.42.air
2013-01-11 07:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-11 05:40 - 2013-01-11 05:39 - 01054871 ____A C:\Users\urflamingo\Downloads\MLMpro_D.zip

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 03:25] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A



testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-03 03:02:33
Restore point made on: 2013-02-04 12:14:10

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 4090.07 MB
Available physical RAM: 3718.34 MB
Total Pagefile: 3955.55 MB
Available Pagefile: 3805.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.35 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:35.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:178.85 GB) (Free:105.44 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:59.58 GB) (Free:59.49 GB) NTFS
4 Drive f: () (Removable) (Total:3.69 GB) (Free:3.23 GB) FAT32
5 Drive g: () (Removable) (Total:3.84 GB) (Free:1.67 GB) FAT32
6 Drive h: (DATA) (Fixed) (Total:140.5 GB) (Free:86.21 GB) NTFS
7 Drive i: (DATA) (Fixed) (Total:59.65 GB) (Free:55.37 GB) NTFS
9 Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:0.7 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 298 GB 1563 KB
Disk 2 Online 3782 MB 0 B
Disk 3 Online 3935 MB 0 B

Partitions of Disk 0:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Partitions of Disk 1:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Partitions of Disk 2:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Partitions of Disk 3:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Last Boot: 2013-02-10 03:36

==================== End Of Log ============================

So, let's hope this brings new insights. By the way, while looking through one of the earlier lists I remembered that around the turn of the month (30 or 31 January) I downloaded the latest Java version (7.13). However, I apparently did not remove the previous version (6 and something). Could anything stem from that?

Regards, urflamingo
