
Pests of all kinds and how to combat them: Virus on it but not detected by scanner

Windows 7

30.07.2013, 21:08   #1
scar_curse
 



Good evening,

I hope I got it right now after editing.

So, my problem:


For a few days now my PC has become considerably slower. In addition, when I open applications such as Internet Explorer or Firefox, a website with some kind of advertising is opened immediately. Furthermore, this also happens when I open a new task, and on all pages arbitrarily chosen words are linked to some site or other.

I have run the €20 version of Kaspersky and Windows Defender over it several times, and neither of them shows any message about a virus or a threat.

I hope someone here can help me.


Code:
OTL logfile created on: 30.07.2013 21:21:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dennis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 15,44% Memory free
7,82 Gb Paging File | 3,26 Gb Available in Paging File | 41,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,41 Gb Total Space | 23,54 Gb Free Space | 7,83% Space Free | Partition Type: NTFS
Drive D: | 373,22 Gb Total Space | 120,21 Gb Free Space | 32,21% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.30 21:21:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2013.07.30 21:16:15 | 000,050,477 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCF2750X\Defogger.exe
PRC - [2013.07.26 13:52:08 | 000,376,896 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
PRC - [2013.07.01 16:27:30 | 001,519,680 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013.03.04 22:12:34 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013.01.29 15:28:02 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2011.12.07 00:59:51 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.10 20:49:10 | 002,255,360 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.04.28 16:04:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.28 12:44:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.19 02:51:32 | 000,496,560 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.13 04:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.10.08 00:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.30 21:16:15 | 000,050,477 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCF2750X\Defogger.exe
MOD - [2013.07.14 13:45:34 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1773f7168685423c144d14727e45be6f\IAStorUtil.ni.dll
MOD - [2013.07.14 13:45:34 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013.07.14 12:30:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013.07.14 12:29:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.14 12:29:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.14 12:29:40 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013.07.14 12:29:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.14 12:29:32 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.14 12:29:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.14 12:29:25 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013.04.07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll
MOD - [2013.01.29 15:28:02 | 000,170,840 | ---- | M] () -- C:\Program Files\Web Assistant\Extension32.dll
MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012.04.13 15:46:46 | 002,660,016 | ---- | M] () -- C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbcore3.dll
MOD - [2012.04.13 15:46:46 | 000,311,472 | ---- | M] () -- C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbhelper.dll
MOD - [2012.04.13 15:46:46 | 000,268,960 | ---- | M] () -- C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\suggestion_plugin.dll
MOD - [2011.06.10 20:49:10 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2011.04.28 12:44:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.02.19 06:23:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.01.18 13:21:56 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013.04.07 10:54:58 | 001,455,408 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013.01.29 15:28:02 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant)
SRV:64bit: - [2011.01.26 00:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.30 01:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013.07.26 13:52:08 | 000,376,896 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc)
SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.04 22:12:34 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.28 16:04:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.28 12:44:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.19 19:38:27 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013.04.26 14:01:23 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.04.26 14:01:23 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.03.04 22:26:34 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013.03.04 22:26:34 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.06.05 16:03:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.04.28 12:44:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.03.26 10:19:48 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 21:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.03 15:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.26 03:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.02.16 11:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.31 12:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.30 08:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.30 01:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 12:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.05.26 05:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
IE - HKLM\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=119776&tt=160512c_ctrl&babsrc=HP_ss&mntrId=F82D72DE2BF09AD1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dennis\Pictures
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {D8ABEA3F-1283-4DA7-BE65-E40597C4948C}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119776&tt=160512c_ctrl&babsrc=SP_ss&mntrId=F82D72DE2BF09AD1
IE - HKCU\..\SearchScopes\{1F4D59AD-0B58-4A7F-8954-0DCE61660B4B}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = hxxp://search.speedbit.com/search.aspx?aff=svd_0&q={searchTerms}
IE - HKCU\..\SearchScopes\{8E354526-36E3-46CF-8F74-BC804D385922}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{C1F821C0-7823-4701-BB8D-3886288006DD}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyLooBtrf&i=26
IE - HKCU\..\SearchScopes\{D8ABEA3F-1283-4DA7-BE65-E40597C4948C}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..browser.startup.homepage: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523"
FF - prefs.js..browser.search.defaultenginename: "qvo6"
FF - prefs.js..browser.search.order.1: "qvo6"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.selectedEngine: "qvo6"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.01 15:53:00 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.01 15:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox [2012.04.13 15:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [2012.04.13 15:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.01 15:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.01 15:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.26 14:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.12 14:21:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co: C:\Program Files (x86)\LyriXeeker\125.xpi [2013.07.26 13:51:29 | 000,009,283 | ---- | M] ()
 
[2013.07.11 20:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2013.07.26 13:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.04.08 19:11:52 | 000,199,379 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\extensions\m2k@m2kdownloader.com.xpi
[2013.07.27 14:14:37 | 000,002,120 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\ypoje2mk.default\searchplugins\MyStart Search.xml
[2013.07.11 20:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.16 14:16:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.05 16:05:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.07.11 20:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.11 20:29:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.26 13:52:03 | 000,000,735 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (LyricXeeker) - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech)
O2 - BHO: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll (Conduit Ltd.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbcore3.dll ()
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Game Master 2.2 Toolbar) - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll (SpeedBit)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Game Master 2.2 Toolbar) - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert 1.3 Toolbar) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis1.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Game Master 2.2 Toolbar) - {D8215D9C-81ED-4E53-B420-BFCDBAC4734D} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68F7DAB1-8917-41C6-914E-31F62D999FF5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{7bb70e58-71e1-11e1-9bd0-5404a6e0a73d}\Shell - "" = AutoRun
O33 - MountPoints2\{7bb70e58-71e1-11e1-9bd0-5404a6e0a73d}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{8506d0cc-5eea-11e1-a99b-5404a6e0a73d}\Shell - "" = AutoRun
O33 - MountPoints2\{8506d0cc-5eea-11e1-a99b-5404a6e0a73d}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.30 21:20:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2013.07.26 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.07.26 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Mp3tag
[2013.07.26 17:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013.07.26 13:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.07.26 13:51:43 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\eIntaller
[2013.07.26 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker
[2013.07.15 18:48:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.14 21:42:01 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\{FC85F24E-B059-4C37-8F7F-746C878660C3}
[2013.07.13 13:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2013.07.13 13:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2013.07.13 13:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck
[2013.07.11 20:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.07.11 20:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.07.03 20:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.30 21:21:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2013.07.30 21:16:49 | 000,000,000 | ---- | M] () -- C:\Users\Dennis\defogger_reenable
[2013.07.30 20:16:27 | 000,682,942 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.30 20:16:27 | 000,633,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.30 20:16:27 | 000,139,568 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.30 20:16:27 | 000,115,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.30 20:16:26 | 001,559,994 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.30 20:12:44 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001UA.job
[2013.07.30 20:12:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.30 14:07:02 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\LyricXeeker Update.job
[2013.07.30 14:06:44 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001Core.job
[2013.07.29 20:27:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.29 20:27:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.27 14:13:18 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.07.27 14:13:17 | 000,001,471 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.07.27 14:12:55 | 3149,635,584 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.26 17:57:56 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013.07.26 13:52:07 | 000,002,148 | ---- | M] () -- C:\Users\Dennis\Desktop\WEB.DE.lnk
[2013.07.26 13:52:07 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.07.26 13:52:07 | 000,001,371 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.07.26 13:50:38 | 000,001,087 | ---- | M] () -- C:\Users\Dennis\Desktop\Continue Download Helper Installation.lnk
[2013.07.16 20:13:43 | 000,081,056 | ---- | M] () -- C:\Users\Dennis\Documents\Bulgarien 2.pdf
[2013.07.16 20:13:27 | 000,326,997 | ---- | M] () -- C:\Users\Dennis\Documents\Bulgarien 1.pdf
[2013.07.13 13:14:26 | 000,277,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.30 21:16:49 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\defogger_reenable
[2013.07.26 17:57:56 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013.07.26 13:51:29 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\LyricXeeker Update.job
[2013.07.26 13:50:38 | 000,001,087 | ---- | C] () -- C:\Users\Dennis\Desktop\Continue Download Helper Installation.lnk
[2013.07.16 20:13:43 | 000,081,056 | ---- | C] () -- C:\Users\Dennis\Documents\Bulgarien 2.pdf
[2013.07.16 20:13:25 | 000,326,997 | ---- | C] () -- C:\Users\Dennis\Documents\Bulgarien 1.pdf
[2013.07.11 20:29:51 | 000,001,371 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.07.11 20:29:50 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.13 20:41:58 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2012.08.26 17:45:17 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.08.26 17:45:17 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.08.26 17:45:17 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.07.16 15:09:05 | 000,007,661 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\.freeciv-client-rc-2.3
[2012.04.04 23:00:54 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.18 22:17:35 | 000,004,608 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.07 16:28:59 | 000,017,408 | ---- | C] () -- C:\Users\Dennis\AppData\Local\WebpageIcons.db
[2012.02.26 00:18:51 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2012.02.26 00:18:51 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012.02.08 13:08:27 | 001,564,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.16 15:08:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\.freeciv
[2012.02.08 12:42:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ASUS WebStorage
[2012.05.17 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon
[2012.05.16 14:22:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Cocoon Software
[2012.09.08 19:01:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2013.07.26 18:08:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoft
[2013.07.26 18:07:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.07.26 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\eIntaller
[2013.06.28 15:18:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\File Scout
[2012.09.20 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Freemium
[2013.07.26 18:03:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mp3tag
[2013.03.30 17:16:15 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nokia
[2013.03.30 17:16:15 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nokia Suite
[2012.08.18 12:35:24 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nuance
[2012.09.20 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenCandy
[2012.12.17 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Opera
[2012.03.19 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PC Suite
[2013.07.26 19:20:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client
[2012.02.08 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP
[2012.09.20 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2013.01.12 03:34:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Wargaming.net
[2012.03.13 21:45:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Windows Live Writer
[2012.08.08 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:862BDB1A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:957E9765

< End of report >
         
Code:
OTL Extras logfile created on: 30.07.2013 21:21:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dennis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 15,44% Memory free
7,82 Gb Paging File | 3,26 Gb Available in Paging File | 41,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,41 Gb Total Space | 23,54 Gb Free Space | 7,83% Space Free | Partition Type: NTFS
Drive D: | 373,22 Gb Total Space | 120,21 Gb Free Space | 32,21% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Dennis\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SPEEDbitVideoConverter] -- "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Dennis\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SPEEDbitVideoConverter] -- "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F0E9315-BE45-4613-AC05-0B66A7EDCCC8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{29E7C2D8-75F1-48D1-86BC-BFD7AD323ABE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{40685409-EF6D-4917-AB79-363E925610E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{47C72676-90BB-4640-87A3-657AC0E73AA9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{55D441A1-29BD-42E9-82FF-AE5D98704820}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{58E72BCA-AAC9-445E-8C8C-08A77B305E14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6105A0E9-3E9B-4B11-AE3D-9BC012C87928}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{67AD0860-CC3A-4B9F-946F-DF18C549CFE3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6AB2D1B0-2C2D-4DA9-B18B-EAE0E50F2EB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{70C2B3F3-1F34-4BC9-AF9A-E2280243C8ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{748CB872-727C-4742-8DF1-FBE2441BBF59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CDB0B4B-9D77-428C-B72A-5FA1DF1B878E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{805CF2D5-CBE2-408F-A376-AC62CB8D88B5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{99DE6BCC-287A-481F-B324-B0708C1A2554}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{A8C150B4-F6A5-4471-AD87-7719B23E2788}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9270C74-65BA-457D-8ED0-91D0A1858B90}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B676651C-007C-47B5-96B2-C89AFD2935D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B74B9974-8309-4D4B-9D78-85DF3DD1F659}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C7A8C9CF-5920-419B-8D86-267B5670F73A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D62E7AC8-B3D0-4BCB-ABF4-50AB7E7C7E7B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D71B82F9-A67C-4AF6-855F-26CBDC07FECD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DD740C99-9E1F-4F6C-B12D-47581EBD0B95}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{DFEDFD4C-90D3-498C-A019-764994A05730}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9BF3629-BBC2-4BDF-A1E9-6AA9D5936564}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0979CCBC-FC16-4E3C-B51C-BC350E42A2E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{09D1DC46-26F9-4E06-804D-8F32A9DF25FB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{16B9E514-4DE9-4E52-941E-8917DBD2307E}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{17D6824C-E403-44C7-8E32-CC92B27F9075}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E369545-520B-43F1-BE64-92E0373FF338}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{2585DD95-3777-4D3B-8F25-C25F94F181C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{288DD202-16C2-4EA3-8AF3-E75446E0E3A4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | 
"{38A6D1F7-2BE9-4F6D-A608-7A8CEC34191C}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{39BCF1A3-5AF3-4E7E-B3D2-4A03B3431CB1}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{4CA2ECDA-103C-46F4-99F7-1DEB28C72527}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5A5A1C10-D408-4DC4-A2DF-8E9688D04CB2}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{63A4B0CA-29F2-49D2-BB2A-01A5587611BC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{6835EC21-1DE2-47CD-9EAE-24B7152634CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6AF11C3C-DB4F-4FA4-9C22-1ADADD2C63BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CCA79C6-AC53-43E7-93E5-8956507FABB2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7339D0B7-28D3-41E0-96C8-947B71D9BC1E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{73A3BC8E-9938-43A4-874F-E439B36BD185}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{78CC96F5-053A-4D6C-8BC0-AAE8086175B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{79A4362B-0237-4089-BA1C-06FF7C8FDCA8}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{79CDCDBC-850C-4B07-A921-7ACD4D2C69B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F3F2858-12AF-48A0-91EA-682FB32FE7F6}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{7F81A4DF-E1A4-422B-AA2F-6C0C90BCA8B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C175214-A31E-4CBA-8C2B-23C0526052BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{AC006DDE-9C16-40AD-9DA3-EFBB6EE91BFA}" = protocol=6 | dir=out | app=system | 
"{B01B4F6E-9632-4FAC-91A3-D8D865CEB73B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{B5181AC3-39B1-409C-A157-68E6DD2225DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BBBC22CD-79AF-4F99-8927-86DB60FE259A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0877613-8A31-470B-A03B-C4481822FC8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C1037972-D67B-46A6-8A9B-F29E6EAB032D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D63CA58C-3C1D-4D38-9544-EEDAEE84DDCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D95E4CBF-DF5A-4661-A13D-AC3FA644047D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DBE82048-47E5-42C5-A20E-0BC81CB64F27}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E09B4617-93F2-4EF1-9C4C-7062D5E88859}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{E4DC1CD0-E63F-4785-8CA8-9697E24A81E5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{E6C30F76-1E0D-48F6-83D6-B8AF71CDA072}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{F8F48BAA-E751-4341-BA8F-56B79028BFB7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{F9E40860-4AE8-483E-963D-D2C33F917172}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE880F54-B818-4173-A398-48441A037F35}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.572
"{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid
"{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.39
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71277DC4-4217-462A-9FF4-62D7815B2C69}" = ADDICT-THING
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"1&1 Mail & Media GmbH 1und1DesktopIconsInstaller" = WEB.DE Desktop Icons
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"Free Audio Converter_is1" = Free Audio Converter version 5.0.27.725
"Game_Master_2.2 Toolbar" = Game Master 2.2 Toolbar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"lyrix@lyrixeeker.co" = LyricXeeker
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.57
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.11.1661" = Opera 12.11
"SPEEDbit Video Downloader" = SpeedBit Video Downloader
"Submarine Titans" = Subm
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WiseConvert_1.3 Toolbar" = WiseConvert 1.3 Toolbar
"WNLT" = IB Updater Service
"WsysControl" = Wsys Control 1.0.0.2557
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2013 09:06:53 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Error - 08.04.2013 09:08:45 | Computer Name = Dennis-PC | Source = Application Error
 | ID = 1000
 
Error - 08.04.2013 09:50:16 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Error - 08.04.2013 09:57:47 | Computer Name = Dennis-PC | Source = Application Error
 | ID = 1000
 
Error - 08.04.2013 09:59:38 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Error - 08.04.2013 10:23:00 | Computer Name = Dennis-PC | Source = Application Error
 | ID = 1000
 
Error - 08.04.2013 10:23:03 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x10d8  Startzeit der fehlerhaften Anwendung: 0x01ce3461507259b5
Pfad
 der fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: d288d895-a057-11e2-9006-5404a6e0a73d
 
Error - 09.04.2013 08:54:37 | Computer Name = Dennis-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.04.2013 13:35:02 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Error - 09.04.2013 13:36:12 | Computer Name = Dennis-PC | Source = Application Error
 | ID = 1000
 
Error - 09.04.2013 14:04:58 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Error - 10.04.2013 09:51:07 | Computer Name = Dennis-PC | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description = 
Error - 10.04.2013 13:30:03 | Computer Name = Dennis-PC | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description = 
Error - 10.04.2013 14:27:56 | Computer Name = Dennis-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16470, Zeitstempel: 0x510c8801
Name des fehlerhaften Moduls: Grabber_pluginU.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ea97632
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0d983af8
ID des fehlerhaften Prozesses: 0x1d5c
Startzeit der fehlerhaften Anwendung: 0x01ce3610bc59db0e
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: Grabber_pluginU.dll
Berichtskennung: 5ce25db6-a20c-11e2-9006-5404a6e0a73d
Error - 10.04.2013 15:42:59 | Computer Name = Dennis-PC | Source = Application Error
 | ID = 1000
 
Error - 11.04.2013 11:34:15 | Computer Name = Dennis-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11.04.2013 15:13:48 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Error - 13.04.2013 07:12:14 | Computer Name = Dennis-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16476, Zeitstempel: 0x5126e7ac
Name des fehlerhaften Moduls: Grabber_pluginU.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ea97632
Ausnahmecode: 0xc0000005
Fehleroffset: 0x06303af8
ID des fehlerhaften Prozesses: 0x99c
Startzeit der fehlerhaften Anwendung: 0x01ce36f254ff481b
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: Grabber_pluginU.dll
Berichtskennung: fdff3146-a42a-11e2-a55d-5404a6e0a73d
 
Error encountered while reading event logs.
 
< End of report >
         

Edited by scar_curse (30.07.2013 at 21:23)

Alt 30.07.2013, 21:45   #2
M-K-D-B
/// TB-Ausbilder
 
My name is Matthias and I will help you clean up your computer.

Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Please work through all steps one after another in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer time, please let me know!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

I am working on your thread and will get back to you with further instructions as soon as possible.

Alt 30.07.2013, 21:51   #3
M-K-D-B
/// TB-Ausbilder
 
Hello,

Please run AdwCleaner twice in direct succession, exactly as described, and post both of its log files!

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Step 2

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

In your next reply, please post
  • the two log files from AdwCleaner,
  • the log file from JRT.

Alt 30.07.2013, 22:14   #4
scar_curse
 
Here is the GMER file; there was no room left for it above.


Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-30 22:51:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0001 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dennis\AppData\Local\Temp\pwdirpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                   fffff800031bb000 77 bytes [4C, 8D, 05, 99, 6D, 07, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 639                                                                                                   fffff800031bb04f 16 bytes {MOV RCX, [RSP+0x260]; XOR RCX, RSP; CALL 0xffffffffffd65081}

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                0000000076d2efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                              0000000076d599b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                              0000000076d694d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                              0000000076d69640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                       0000000076d8a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                   000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                     000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                        000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                 000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\ole32.dll!CoCreateInstance                                                        000007fefe4f7490 11 bytes JMP 000007fffce90228
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1316] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                       000007fefe50bf00 7 bytes JMP 000007fffce90260
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                          00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                 000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                 00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                 0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                   0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                               0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                      0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                    0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                        0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                           0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                   0000000075e8e9a2 5 bytes JMP 0000000173041a00
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                     0000000075e8ebdc 5 bytes JMP 0000000173041a90
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                          0000000075ac5ea5 5 bytes JMP 0000000173041ce0
.text     C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[1456] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                           0000000075af9d0b 5 bytes JMP 0000000173041c70
.text     C:\ProgramData\eSafe\eGdpSvc.exe[1568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                       00000000760b1465 2 bytes [0B, 76]
.text     C:\ProgramData\eSafe\eGdpSvc.exe[1568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      00000000760b14bb 2 bytes [0B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                  000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                     000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                              000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                               000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Windows\system32\Dwm.exe[1876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                             000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                        00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                               000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                               00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                               0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                 0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Windows\AsScrPro.exe[1092] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                                                             0000000076788cd3 1 byte [FC]
.text     C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                            000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                              000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                 000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                          000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                           000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                         000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                 000007fefe4f7490 11 bytes JMP 000007fffce90228
.text     C:\Windows\system32\taskeng.exe[1176] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                000007fefe50bf00 7 bytes JMP 000007fffce90260
.text     C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                    0000000076d2efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                  0000000076d599b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                  0000000076d694d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                  0000000076d69640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                           0000000076d8a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                       000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                         000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                            000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Program Files\P4G\BatteryLife.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                     000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                            000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                              000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                 000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                          000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                           000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                         000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                 000007fefe4f7490 11 bytes JMP 000007fffce90228
.text     C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                000007fefe50bf00 7 bytes JMP 000007fffce90260
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                          00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                 000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                 00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                 0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                   0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                               0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                      0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                    0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                        0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                           0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                   0000000075e8e9a2 5 bytes JMP 0000000173041a00
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1776] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                     0000000075e8ebdc 5 bytes JMP 0000000173041a90
.text     C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                    00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                           000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                           00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                           0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                             0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1996] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                         0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                           00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                  000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                  00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                  0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                    0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2028] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                                0000000076788cd3 1 byte [FC]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                           000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                             000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                         000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                          000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                        000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                000007fefe4f7490 11 bytes JMP 000007fffce90228
.text     C:\Windows\SysWOW64\ACEngSvr.exe[2072] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                               000007fefe50bf00 7 bytes JMP 000007fffce90260
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                         0000000076d2efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                       0000000076d599b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                       0000000076d694d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                       0000000076d69640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                0000000076d8a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                            000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                              000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                 000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                          000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                           000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                         000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                 000007fefe4f7490 11 bytes JMP 000007fffce90228
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                000007fefe50bf00 7 bytes JMP 000007fffce90260
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                        0000000076d2efe0 5 bytes JMP 000000016fff0148
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                      0000000076d599b0 7 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                      0000000076d694d0 5 bytes JMP 000000016fff0180
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                      0000000076d69640 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                               0000000076d8a500 7 bytes JMP 000000016fff01b8
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                           000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                             000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                         000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                          000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                        000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                000007fefe4f7490 11 bytes JMP 000007fffce90228
.text     C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                               000007fefe50bf00 7 bytes JMP 000007fffce90260
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                          0000000076d2efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                        0000000076d599b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                        0000000076d694d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                        0000000076d69640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                 0000000076d8a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                             000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                               000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                  000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                           000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                  000007fefe4f7490 11 bytes JMP 000007fffce90228
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                 000007fefe50bf00 7 bytes JMP 000007fffce90260
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                            000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3960] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                          000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                   0000000076d2efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                 0000000076d599b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                 0000000076d694d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                 0000000076d69640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                          0000000076d8a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                      000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                        000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                           000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                    000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                     000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                   000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                           000007fefe4f7490 11 bytes JMP 000007fffce90228
.text     C:\Program Files\Elantech\ETDCtrl.exe[3968] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                          000007fefe50bf00 7 bytes JMP 000007fffce90260
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                            0000000076d2efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                          0000000076d599b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                          0000000076d694d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                          0000000076d69640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                   0000000076d8a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                               000007fefcea3460 7 bytes JMP 000007fffcc800d8
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                 000007fefcea9940 6 bytes JMP 000007fffcc80148
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                    000007fefcea9fb0 5 bytes JMP 000007fffcc80180
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                             000007fefceaa150 5 bytes JMP 000007fffcc80110
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                              000007fefd2589e0 8 bytes JMP 000007fffcc801f0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3992] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                            000007fefd25be40 8 bytes JMP 000007fffcc801b8
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                   00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                          000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                          00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                          0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                            0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                                        0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                               0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                             0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                 0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                    0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                            0000000075e8e9a2 5 bytes JMP 0000000173041a00
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                              0000000075e8ebdc 5 bytes JMP 0000000173041a90
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                           00000000760b1465 2 bytes [0B, 76]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          00000000760b14bb 2 bytes [0B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                   0000000070c311a8 2 bytes [C3, 70]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                             0000000070c313a8 2 bytes [C3, 70]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                 0000000070c31422 2 bytes [C3, 70]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1292] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                          0000000070c31498 2 bytes [C3, 70]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                  00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                         000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                         00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                         0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                           0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW + 4                       0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                              0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                            0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                   0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                           0000000075e8e9a2 5 bytes JMP 0000000173041a00
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                             0000000075e8ebdc 5 bytes JMP 0000000173041a90
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                  0000000075ac5ea5 5 bytes JMP 0000000173041ce0
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1480] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                   0000000075af9d0b 5 bytes JMP 0000000173041c70
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\kernel32.dll!RegSetValueExA             00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW    000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx    00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation    0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW      0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4  0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW         0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW       0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW           0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary              0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                   00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                          000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                          00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                          0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                            0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                        0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                               0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                             0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                 0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                    0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                            00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                   000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                   00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                   0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                     0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                 0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                        0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                      0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                          0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                             0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                    00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                           000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                           00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                           0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                             0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                         0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                              0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                  0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                     0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW                                                    0000000076d2efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx                                                  0000000076d599b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation                                                  0000000076d694d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW                                                  0000000076d69640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\KERNEL32.dll!RegSetValueExA                                                           0000000076d8a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                       000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                         000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                            000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                     000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                      000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                    000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\ole32.dll!CoCreateInstance                                                            000007fefe4f7490 11 bytes JMP 000007fffce90228
.text     C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[4104] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                           000007fefe50bf00 7 bytes JMP 000007fffce90260
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                  00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                         000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                         00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                         0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                           0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                       0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                              0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                            0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                   0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4220] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                         00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4220] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4220] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4220] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4220] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                  0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4220] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                              0000000076788cd3 1 byte [FC]
.text     C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4220] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                         0000000075ac5ea5 5 bytes JMP 0000000173041ce0
.text     C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[4220] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                          0000000075af9d0b 5 bytes JMP 0000000173041c70
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                             0000000076d2efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                           0000000076d599b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                           0000000076d694d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                           0000000076d69640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                    0000000076d8a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                  000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                     000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                              000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                               000007fefd2589e0 8 bytes JMP 000007fffce901f0
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                             000007fefd25be40 8 bytes JMP 000007fffce901b8
.text     C:\Windows\system32\DllHost.exe[4840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                            000007fefcea3460 7 bytes JMP 000007fffce900d8
.text     C:\Windows\system32\DllHost.exe[4840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                              000007fefcea9940 6 bytes JMP 000007fffce90148
.text     C:\Windows\system32\DllHost.exe[4840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                 000007fefcea9fb0 5 bytes JMP 000007fffce90180
.text     C:\Windows\system32\DllHost.exe[4840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                          000007fefceaa150 5 bytes JMP 000007fffce90110
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   00000000760b1465 2 bytes [0B, 76]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000760b14bb 2 bytes [0B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                              00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                     000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                     00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                     0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                       0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                                                   0000000076788cd3 1 byte [FC]
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                          0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                        0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                            0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                               0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                       0000000075e8e9a2 5 bytes JMP 0000000173041a00
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                         0000000075e8ebdc 5 bytes JMP 0000000173041a90
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                              0000000075ac5ea5 5 bytes JMP 0000000173041ce0
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                               0000000075af9d0b 5 bytes JMP 0000000173041c70
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                      00000000760b1465 2 bytes [0B, 76]
.text     C:\Windows\SysWOW64\jmdp\stij.exe[6288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                     00000000760b14bb 2 bytes [0B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                   00000000766f1429 7 bytes JMP 0000000173041e90
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                          000000007670b223 5 bytes JMP 0000000173041da0
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                          00000000767888f4 7 bytes JMP 0000000173041d90
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                          0000000076788979 5 bytes JMP 0000000173041e80
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                            0000000076788ccf 3 bytes JMP 0000000173041e10
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 4                                                        0000000076788cd3 1 byte [FC]
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                               0000000075c51d1b 5 bytes JMP 0000000173042450
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                             0000000075c51dc9 5 bytes JMP 00000001730424b0
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                 0000000075c52aa4 5 bytes JMP 0000000173042520
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                    0000000075c52d0a 5 bytes JMP 0000000173042670
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                            0000000075e8e9a2 5 bytes JMP 0000000173041a00
.text     C:\Users\Dennis\Downloads\gmer_2.1.19163.exe[3804] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                              0000000075e8ebdc 5 bytes JMP 0000000173041a90

---- Kernel IAT/EAT - GMER 2.1 ----

IAT       C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                                                      [fffff88004b76d18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd502bbc                                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd502bbc (not active ControlSet)                                                                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                                                      

---- EOF - GMER 2.1 ----
         
Ran it twice

1.
Code:
# AdwCleaner v2.306 - Datei am 30/07/2013 um 22:59:22 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dennis - DENNIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
Datei Desinfiziert : C:\Users\Dennis\Desktop\WEB.DE.lnk
Datei Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Datei Desinfiziert : C:\Users\Public\Desktop\Opera.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\Dennis\Desktop\SPEEDbit Video Downloader.lnk
Datei Gelöscht : C:\Users\UpdatusUser\Desktop\SPEEDbit Video Downloader.lnk
Gelöscht mit Neustart : C:\ProgramData\eSafe
Gelöscht mit Neustart : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Speedbit
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Freemium
Ordner Gelöscht : C:\Program Files (x86)\SearchPredict
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\Speedbit Video Downloader
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\WiseConvert_1.3
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Speedbit
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Dennis\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Dennis\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Dennis\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\delta
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\Speedbit
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Dennis\AppData\LocalLow\WiseConvert_1.3
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\Freemium
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\WiseConvert_1.3
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SpeedBit
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\dedc8de73ce444
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3176986
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3242337
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\SpeedBit
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\Software\WiseConvert_1.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\dedc8de73ce444
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A292B31-8E42-4D7F-9AD5-640305FC3455}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A054DDEA-7F78-4158-BFC1-6DD5F0C07F07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{71277DC4-4217-462A-9FF4-62D7815B2C69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_1.3 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default\prefs.js

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "qvo6");
Gelöscht : user_pref("browser.search.order.1", "qvo6");
Gelöscht : user_pref("browser.search.selectedEngine", "qvo6");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid[...]

-\\ Opera v12.11.1661.0

Datei : C:\Users\Dennis\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [30157 octets] - [30/07/2013 22:57:52]
AdwCleaner[S1].txt - [413 octets] - [30/07/2013 22:58:32]
AdwCleaner[S2].txt - [27316 octets] - [30/07/2013 22:59:22]

########## EOF - C:\AdwCleaner[S2].txt - [27377 octets] ##########
         
2.

Code:
# AdwCleaner v2.306 - Datei am 30/07/2013 um 23:03:40 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dennis - DENNIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\eSafeSecControl

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.11.1661.0

Datei : C:\Users\Dennis\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [30157 octets] - [30/07/2013 22:57:52]
AdwCleaner[S1].txt - [413 octets] - [30/07/2013 22:58:32]
AdwCleaner[S2].txt - [27377 octets] - [30/07/2013 22:59:22]
AdwCleaner[S3].txt - [1178 octets] - [30/07/2013 23:03:40]

########## EOF - C:\AdwCleaner[S3].txt - [1238 octets] ##########
         
The Junkware Removal Tool doesn't work!!

I saved it to the desktop and opened it with a double-click. The screen goes black briefly and I am asked whether I want to run the program, but then the cmd function opens and not the program.

30.07.2013, 22:27   #5
M-K-D-B
/// TB Instructor
 
Hi,

all right.

Here is how we continue:

Step 1
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

Step 2
Download SystemLook by jpshortstuff from the following mirror and save the tool to your desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :filefind
    *qvo6*
    *MyStart Search*
    *Speedbit*
    *eSafe*
    *Conduit*
    *Freemium*
    *SearchPredict*
    *SoftwareUpdater*
    *WsysControl*
    *WsysSvc*
    *SweetIM*
    *WiseConvert*
    *Web Assistant*
    *Babylon*
    *Conduit*
    *Ilivid*
    *PutLockerDownloader*
    *Movie2KDownloader*
    *DataMngr*
    *Softonic*
    
    :folderfind
    *qvo6*
    *MyStart Search*
    *Speedbit*
    *eSafe*
    *Conduit*
    *Freemium*
    *SearchPredict*
    *SoftwareUpdater*
    *WsysControl*
    *WsysSvc*
    *SweetIM*
    *WiseConvert*
    *Web Assistant*
    *Babylon*
    *Conduit*
    *Ilivid*
    *PutLockerDownloader*
    *Movie2KDownloader*
    *DataMngr*
    *Softonic*
    
    :regfind
    qvo6
    MyStart Search
    Speedbit
    eSafe
    Conduit
    Freemium
    SearchPredict
    SoftwareUpdater
    WsysControl
    WsysSvc
    SweetIM
    WiseConvert
    Web Assistant
    Babylon
    Conduit
    Ilivid
    PutLockerDownloader
    Movie2KDownloader
    DataMngr
    Softonic
             
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

Please post with your next reply
  • the two log files from FRST,
  • the log file from SystemLook.

__________________
Greetings from Bavaria
M-K-D-B


30.07.2013, 22:58   #6
scar_curse
 

1.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by Dennis at 2013-07-30 23:40:22
Running from C:\Users\Dennis\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x32)
Adobe AIR (x32 Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.3.300.262)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Apple Software Update (x32 Version: 2.1.3.127)
ASUS AI Recovery (x32 Version: 1.0.14)
ASUS FancyStart (x32 Version: 1.1.0)
ASUS LifeFrame3 (x32 Version: 3.0.30)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.45)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031)
ASUS USB Charger Plus (x32 Version: 2.0.0)
ASUS Virtual Camera (x32 Version: 1.0.21)
ASUS WebStorage (x32 Version: 3.0.84.161)
ASUS_Screensaver (x32)
AsusVibe2.0 (x32 Version: 2.0.10.168)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0010)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
D3DX10 (x32 Version: 15.4.2368.0902)
dows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
ETDWare PS/2-X64 8.0.5.1_WHQL (Version: 8.0.5.1)
Fast Boot (Version: 1.0.9)
Free Audio Converter version 5.0.27.725 (x32 Version: 5.0.27.725)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Game Master 2.2 Toolbar (x32 Version: 6.8.8.8)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2345)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Intel(R) Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 35 (x32 Version: 6.0.350)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
LyricXeeker (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Age of Empires II (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mp3tag v2.57 (x32 Version: v2.57)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Driver 268.39 (Version: 268.39)
NVIDIA Control Panel 268.39 (Version: 268.39)
NVIDIA Graphics Driver 268.39 (Version: 268.39)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA Optimus 1.0.21 (Version: 1.0.21)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6839)
NVIDIA Update Components (Version: 1.0.21)
Opera 12.11 (x32 Version: 12.11.1661)
PC Connectivity Solution (x32 Version: 12.0.76.0)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6370)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Safari (x32 Version: 5.34.57.2)
Skype™ 6.6 (x32 Version: 6.6.106)
Subm (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.1 (x32 Version: 2.0.1)
WEB.DE Desktop Icons (x32 Version: 3.0.3.0)
WEB.DE MailCheck für Internet Explorer (x32 Version: 2.3.0.2)
WEB.DE Softwareaktualisierung (x32 Version: 3.0.0.54)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.31.1)
Wireless Console 3 (x32 Version: 3.0.21)
Wsys Control 1.0.0.2557 (x32 Version: 1.0.0.2557)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)
بريد Windows Live (x32 Version: 15.4.3502.0922)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

11-07-2013 17:49:06 Windows Update
12-07-2013 10:34:24 Windows Update
15-07-2013 16:47:00 Windows Update
19-07-2013 19:19:03 Windows Update
23-07-2013 21:22:58 Windows Update
30-07-2013 18:26:19 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A2C9622-2967-457B-A8F3-53A6E0ABD828} - System32\Tasks\{256FB39D-C251-4D6A-B10B-ED825BA971DD} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-02-24] (ASUSTek Computer Inc. All rights reserved.)
Task: {1050AD81-E528-4B53-AEA4-010C5C2313D4} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe [2013-06-12] (Microsoft Corporation)
Task: {1A93CB1A-E1BD-4C13-9CE6-ED922A170C2D} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {26F970D9-4D44-4AFE-85E4-D8CE2E38317C} - System32\Tasks\{416E4BA4-122F-4F04-AC9B-8DC425C99D68} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-02-24] (ASUSTek Computer Inc. All rights reserved.)
Task: {2CB4D07E-1781-4293-B12E-F6E4844D15D2} - System32\Tasks\{EC8E078C-6E70-4F26-A581-C3D815E4A4D1} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-02-24] (ASUSTek Computer Inc. All rights reserved.)
Task: {2FCE27AE-DD5F-45B9-865D-C30401E4186B} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-05-28] (1&1 Mail & Media GmbH)
Task: {3146C871-7D0F-4862-95F1-157757C760FB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {3AD4A51E-CA5E-4F21-B0E9-27D498D67BBA} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\Freemium\SystemStore\SoftwareUpdater.Ui.exe No File
Task: {4674F621-F03C-4E74-8C28-AC20B809681F} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {4F3DBD28-41E9-40E4-B53A-04F8AD275922} - System32\Tasks\User_Feed_Synchronization-{9CE161BE-C868-4170-8D65-42CBEDB67714} => C:\Windows\system32\msfeedssync.exe [2013-05-21] (Microsoft Corporation)
Task: {59E0D563-FCD2-4E9D-A571-1B3EF1C12EC2} - System32\Tasks\SBWUpdateTask_Logon_f82dc085-74DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe No File
Task: {648B735B-2980-44BB-A6CC-72BFDCA33E39} - System32\Tasks\SBWUpdateTask_Logon_f82dc085-72DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe No File
Task: {675F432B-70A4-4E9B-AD46-0EC548AD878C} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {69DF53D2-2F33-4258-A8DE-4324F3474211} - System32\Tasks\4790 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation)
Task: {6F96ADF5-13C6-4F37-8E78-1ABBBB3A2A3A} - System32\Tasks\Software Updater => C:\Program Files (x86)\Freemium\SystemStore\SoftwareUpdater.Bootstrapper.exe No File
Task: {74EA2B2C-602C-4438-8B51-44013C7E3DE8} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {77CC950E-D0BC-45EF-984C-062BC44453E9} - System32\Tasks\SBWUpdateTask_Time_f82dc085-72DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe No File
Task: {83B19DC2-4BFD-465C-898D-73DBF9DDEAED} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001Core => C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {88C93C42-6E5F-4A78-8B58-E5E84C28475B} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {8B9F31DD-3EA9-4A93-BFB4-2D793D5AD765} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {9FB4123A-75EA-4F5E-9C3F-F6537272089B} - System32\Tasks\SBWUpdateTask_Time_f82dc085-74DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe No File
Task: {A570762B-1CB4-477D-82A6-B887AD28FE0D} - System32\Tasks\{5E11B9D6-A813-45CB-894C-FD53CF3F993A} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-02-24] (ASUSTek Computer Inc. All rights reserved.)
Task: {AC06D0D1-5DEC-4177-926B-F9A24A30351E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {C0105737-D9D6-4D4A-BE1E-09A8A80611CC} - \AdobeFlashPlayerUpdate 2 No Task File
Task: {C765FB13-E859-4D13-8B04-400BC1FE2941} - \AdobeFlashPlayerUpdate No Task File
Task: {CAF1954D-2BDA-4EB4-919D-17C2A2C0A0AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CFF59FC2-5C13-45B8-A38C-656C9A6900DD} - System32\Tasks\LyricXeeker Update => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe [2013-07-25] (LyriXeeker Tech)
Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {D8984D72-2216-45C2-833A-3D07CE812542} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001UA => C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {E3D2E2B1-3959-4BC5-91EB-37D6526E5694} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-06-01] (ASUS)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001Core.job => C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001UA.job => C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2013 10:48:35 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/30/2013 09:27:00 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2fe0

Startzeit: 01ce8d582194a826

Endzeit: 62

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (07/30/2013 09:00:49 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/30/2013 02:16:36 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/29/2013 11:38:08 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: grabber.dll, Version: 1.1.5.0, Zeitstempel: 0x4ea9764b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001384e
ID des fehlerhaften Prozesses: 0x88c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/29/2013 08:19:48 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/29/2013 08:12:24 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/26/2013 07:03:09 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/26/2013 03:03:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: IEFRAME.dll, Version: 10.0.9200.16635, Zeitstempel: 0x51b7abdb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00209d07
ID des fehlerhaften Prozesses: 0x1c9c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/26/2013 02:56:21 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bfdf
ID des fehlerhaften Prozesses: 0x3e54
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (07/30/2013 11:15:43 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Wsys Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/30/2013 11:06:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/30/2013 11:04:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%-2147024882

Error: (07/30/2013 11:02:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/30/2013 10:38:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (07/30/2013 10:37:01 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎30.‎07.‎2013 um 22:36:09 unerwartet heruntergefahren.

Error: (07/30/2013 10:36:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/30/2013 10:36:04 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AeLookupSvc erreicht.

Error: (07/30/2013 10:35:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iphlpsvc erreicht.

Error: (07/30/2013 10:34:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (07/30/2013 10:48:35 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/30/2013 09:27:00 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.166352fe001ce8d582194a82662C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (07/30/2013 09:00:49 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/30/2013 02:16:36 PM) (Source: Windows Backup)(User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/29/2013 11:38:08 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921grabber.dll1.1.5.04ea9764bc00000050001384e88c01ce8ca3419b236bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll28547264-f897-11e2-8f95-5404a6e0a73d

Error: (07/29/2013 08:19:48 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/29/2013 08:12:24 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/26/2013 07:03:09 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/26/2013 03:03:49 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921IEFRAME.dll10.0.9200.1663551b7abdbc000000500209d071c9c01ce8a005d740bf2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\IEFRAME.dllcfe4c947-f5f3-11e2-a755-5404a6e0a73d

Error: (07/26/2013 02:56:21 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000002bfdf3e5401ce89ff2b922004C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dllc4e75546-f5f2-11e2-a755-5404a6e0a73d


CodeIntegrity Errors:
===================================
  Date: 2013-07-24 14:27:47.763
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 14:27:47.747
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 14:27:47.747
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 14:27:47.732
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 14:27:47.732
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-24 14:27:47.716
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 14:51:12.678
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 14:51:12.676
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 14:51:12.673
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 14:51:12.649
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 4004.97 MB
Available physical RAM: 1927.63 MB
Total Pagefile: 8008.13 MB
Available Pagefile: 5416.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:300.41 GB) (Free:23.8 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:373.22 GB) (Free:120.21 GB) NTFS (Disk=0 Partition=3)
Drive e: (KRD10) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: AE14F3C6)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=373 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
2.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Dennis (administrator) on 30-07-2013 23:39:57
Running from C:\Users\Dennis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2213992 2011-05-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-30] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [Facebook Update] - C:\Users\Dennis\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {7bb70e58-71e1-11e1-9bd0-5404a6e0a73d} - F:\NokiaPCIA_Autorun.exe
MountPoints2: {8506d0cc-5eea-11e1-a99b-5404a6e0a73d} - F:\NokiaPCIA_Autorun.exe
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [USBChargerPlusTray] - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [496560 2011-04-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-03-04] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1519680 2013-07-01] (1und1 Mail und Media GmbH)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-04-28] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [193128 2011-04-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: (No Name) - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {D8ABEA3F-1283-4DA7-BE65-E40597C4948C} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {1F4D59AD-0B58-4A7F-8954-0DCE61660B4B} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {8E354526-36E3-46CF-8F74-BC804D385922} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C1F821C0-7823-4701-BB8D-3886288006DD} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C2798CF1-011A-4461-AD6B-DB704AB54A9D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
SearchScopes: HKCU - {D8ABEA3F-1283-4DA7-BE65-E40597C4948C} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Game Master 2.2 Toolbar - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Game Master 2.2 Toolbar - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {D8215D9C-81ED-4E53-B420-BFCDBAC4734D} -  No File
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\ypoje2mk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: m2k - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi
FF Extension: No Name - C:\Program Files (x86)\LyriXeeker\125.xpi

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-03-04] (Kaspersky Lab ZAO)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [376896 2013-07-26] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-03-04] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-03-04] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 23:39 - 2013-07-30 23:39 - 01781589 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-07-30 23:39 - 2013-07-30 23:39 - 00000000 ____D C:\FRST
2013-07-30 23:11 - 2013-07-30 23:11 - 00003114 _____ C:\Windows\System32\Tasks\{4825769C-57C4-460C-A7FF-AB316724BF5A}
2013-07-30 23:10 - 2013-07-30 23:10 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 23:09 - 2013-07-30 23:10 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Dennis\Desktop\JRT.exe
2013-07-30 23:05 - 2013-07-30 23:06 - 00001307 _____ C:\Users\Dennis\Desktop\AdwCleaner[S3].txt
2013-07-30 23:03 - 2013-07-30 23:04 - 00001307 _____ C:\AdwCleaner[S3].txt
2013-07-30 23:03 - 2013-07-30 23:03 - 00027377 _____ C:\Users\Dennis\Desktop\AdwCleaner[S2].txt
2013-07-30 22:59 - 2013-07-30 23:04 - 00000216 _____ C:\Windows\DeleteOnReboot.bat
2013-07-30 22:59 - 2013-07-30 22:59 - 00027377 _____ C:\AdwCleaner[S2].txt
2013-07-30 22:58 - 2013-07-30 22:58 - 00000413 _____ C:\AdwCleaner[S1].txt
2013-07-30 22:57 - 2013-07-30 22:58 - 00030157 _____ C:\AdwCleaner[R1].txt
2013-07-30 22:56 - 2013-07-30 22:57 - 00666633 _____ C:\Users\Dennis\Desktop\adwcleaner.exe
2013-07-30 22:51 - 2013-07-30 22:51 - 00070852 _____ C:\Users\Dennis\Desktop\Gmer.txt
2013-07-30 22:33 - 2013-07-30 22:33 - 00274544 _____ C:\Windows\Minidump\073013-23322-01.dmp
2013-07-30 21:30 - 2013-07-30 21:30 - 00082330 _____ C:\Users\Dennis\Desktop\Extras.Txt
2013-07-30 21:29 - 2013-07-30 21:29 - 00120542 _____ C:\Users\Dennis\Desktop\OTL.Txt
2013-07-30 21:20 - 2013-07-30 21:21 - 00602112 _____ (OldTimer Tools) C:\Users\Dennis\Desktop\OTL.exe
2013-07-30 21:16 - 2013-07-30 21:17 - 00000474 _____ C:\Users\Dennis\Desktop\defogger_disable.log
2013-07-30 21:16 - 2013-07-30 21:16 - 00000000 _____ C:\Users\Dennis\defogger_reenable
2013-07-26 18:08 - 2013-07-26 18:08 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-07-26 17:58 - 2013-07-26 18:03 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Mp3tag
2013-07-26 17:57 - 2013-07-26 17:57 - 00000985 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-26 17:57 - 2013-07-26 17:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-26 13:52 - 2013-07-30 23:11 - 00000000 ____D C:\ProgramData\eSafe
2013-07-26 13:51 - 2013-07-30 23:05 - 00000390 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-26 13:51 - 2013-07-26 13:51 - 00003040 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-26 13:51 - 2013-07-26 13:51 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-07-26 13:50 - 2013-07-26 13:50 - 00001087 _____ C:\Users\Dennis\Desktop\Continue Download Helper Installation.lnk
2013-07-15 18:48 - 2013-07-15 18:51 - 00000000 ____D C:\Windows\system32\MRT
2013-07-14 21:42 - 2013-07-14 21:42 - 00000000 ____D C:\Users\Dennis\AppData\Local\{FC85F24E-B059-4C37-8F7F-746C878660C3}
2013-07-13 13:16 - 2013-07-13 13:16 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-13 13:16 - 2013-07-13 13:16 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-12 12:42 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 12:42 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 12:42 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 12:42 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 12:42 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 12:42 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 12:42 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 12:42 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 12:42 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 12:42 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 12:42 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 12:42 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 12:42 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 12:42 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 12:42 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 12:42 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 12:41 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 12:41 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 12:41 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 12:41 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 12:41 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 12:41 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 12:41 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 12:41 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 12:41 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 12:41 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 12:41 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 12:41 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 12:41 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 12:41 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 12:41 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 20:29 - 2013-07-30 22:59 - 00001055 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-11 20:29 - 2013-07-11 20:29 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-11 20:29 - 2013-07-11 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-11 20:06 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 20:06 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 20:06 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 20:06 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 19:59 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:49 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 19:49 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-03 21:48 - 2013-07-03 21:48 - 00003876 _____ C:\Windows\System32\Tasks\Registration 1und1 Task
2013-07-03 20:45 - 2013-07-03 20:45 - 00000000 ____D C:\ProgramData\UUdb
2013-06-30 14:41 - 2013-06-30 14:41 - 00000000 ____D C:\Users\Dennis\AppData\Local\{C92EA9FA-C31B-4172-9B08-B72A53D49253}

==================== One Month Modified Files and Folders =======

2013-07-30 23:39 - 2013-07-30 23:39 - 01781589 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-07-30 23:39 - 2013-07-30 23:39 - 00000000 ____D C:\FRST
2013-07-30 23:39 - 2012-02-26 15:01 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Skype
2013-07-30 23:14 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 23:14 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 23:11 - 2013-07-30 23:11 - 00003114 _____ C:\Windows\System32\Tasks\{4825769C-57C4-460C-A7FF-AB316724BF5A}
2013-07-30 23:11 - 2013-07-26 13:52 - 00000000 ____D C:\ProgramData\eSafe
2013-07-30 23:10 - 2013-07-30 23:10 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 23:10 - 2013-07-30 23:09 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Dennis\Desktop\JRT.exe
2013-07-30 23:08 - 2012-03-07 16:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-30 23:06 - 2013-07-30 23:05 - 00001307 _____ C:\Users\Dennis\Desktop\AdwCleaner[S3].txt
2013-07-30 23:06 - 2011-12-07 00:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-30 23:05 - 2013-07-26 13:51 - 00000390 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-30 23:05 - 2012-10-14 15:21 - 00017991 _____ C:\Windows\setupact.log
2013-07-30 23:05 - 2012-02-08 12:37 - 00000000 ___HD C:\ASUS.DAT
2013-07-30 23:05 - 2011-12-07 00:59 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-07-30 23:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 23:04 - 2013-07-30 23:03 - 00001307 _____ C:\AdwCleaner[S3].txt
2013-07-30 23:04 - 2013-07-30 22:59 - 00000216 _____ C:\Windows\DeleteOnReboot.bat
2013-07-30 23:03 - 2013-07-30 23:03 - 00027377 _____ C:\Users\Dennis\Desktop\AdwCleaner[S2].txt
2013-07-30 23:00 - 2011-12-07 00:27 - 01398291 _____ C:\Windows\WindowsUpdate.log
2013-07-30 22:59 - 2013-07-30 22:59 - 00027377 _____ C:\AdwCleaner[S2].txt
2013-07-30 22:59 - 2013-07-11 20:29 - 00001055 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-30 22:59 - 2013-05-21 19:26 - 00001050 _____ C:\Users\Dennis\Desktop\WEB.DE.lnk
2013-07-30 22:59 - 2013-05-21 18:53 - 00001080 _____ C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2013-07-30 22:59 - 2012-12-17 19:19 - 00000969 _____ C:\Users\Public\Desktop\Opera.lnk
2013-07-30 22:59 - 2012-02-08 12:38 - 00000999 _____ C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-30 22:58 - 2013-07-30 22:58 - 00000413 _____ C:\AdwCleaner[S1].txt
2013-07-30 22:58 - 2013-07-30 22:57 - 00030157 _____ C:\AdwCleaner[R1].txt
2013-07-30 22:57 - 2013-07-30 22:56 - 00666633 _____ C:\Users\Dennis\Desktop\adwcleaner.exe
2013-07-30 22:51 - 2013-07-30 22:51 - 00070852 _____ C:\Users\Dennis\Desktop\Gmer.txt
2013-07-30 22:33 - 2013-07-30 22:33 - 00274544 _____ C:\Windows\Minidump\073013-23322-01.dmp
2013-07-30 22:33 - 2013-01-03 22:43 - 00000000 ____D C:\Windows\Minidump
2013-07-30 22:01 - 2012-02-19 23:21 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001UA.job
2013-07-30 21:35 - 2012-02-17 15:02 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\DVDVideoSoft
2013-07-30 21:30 - 2013-07-30 21:30 - 00082330 _____ C:\Users\Dennis\Desktop\Extras.Txt
2013-07-30 21:29 - 2013-07-30 21:29 - 00120542 _____ C:\Users\Dennis\Desktop\OTL.Txt
2013-07-30 21:29 - 2013-05-22 18:58 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CE161BE-C868-4170-8D65-42CBEDB67714}
2013-07-30 21:21 - 2013-07-30 21:20 - 00602112 _____ (OldTimer Tools) C:\Users\Dennis\Desktop\OTL.exe
2013-07-30 21:17 - 2013-07-30 21:16 - 00000474 _____ C:\Users\Dennis\Desktop\defogger_disable.log
2013-07-30 21:16 - 2013-07-30 21:16 - 00000000 _____ C:\Users\Dennis\defogger_reenable
2013-07-30 21:16 - 2012-02-08 12:37 - 00000000 ____D C:\Users\Dennis
2013-07-30 20:33 - 2012-04-02 22:13 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc
2013-07-30 20:16 - 2011-02-19 06:24 - 00682942 _____ C:\Windows\system32\perfh007.dat
2013-07-30 20:16 - 2011-02-19 06:24 - 00139568 _____ C:\Windows\system32\perfc007.dat
2013-07-30 20:16 - 2009-07-14 07:13 - 01559994 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-30 14:06 - 2012-02-19 23:21 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1358336353-1735679166-2578516172-1001Core.job
2013-07-27 14:13 - 2011-12-07 00:57 - 00001471 _____ C:\Windows\system32\ServiceFilter.ini
2013-07-27 14:12 - 2011-04-13 03:39 - 00350790 _____ C:\Windows\PFRO.log
2013-07-26 19:20 - 2012-02-08 15:12 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\SoftGrid Client
2013-07-26 18:08 - 2013-07-26 18:08 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-07-26 18:03 - 2013-07-26 17:58 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Mp3tag
2013-07-26 17:57 - 2013-07-26 17:57 - 00000985 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-07-26 17:57 - 2013-07-26 17:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-07-26 13:51 - 2013-07-26 13:51 - 00003040 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-26 13:51 - 2013-07-26 13:51 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-07-26 13:50 - 2013-07-26 13:50 - 00001087 _____ C:\Users\Dennis\Desktop\Continue Download Helper Installation.lnk
2013-07-22 18:26 - 2012-10-15 14:54 - 00000000 ____D C:\Users\Dennis\Documents\Erörterung Schuluniform
2013-07-15 18:51 - 2013-07-15 18:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-14 21:42 - 2013-07-14 21:42 - 00000000 ____D C:\Users\Dennis\AppData\Local\{FC85F24E-B059-4C37-8F7F-746C878660C3}
2013-07-14 14:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-13 13:16 - 2013-07-13 13:16 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-07-13 13:16 - 2013-07-13 13:16 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-07-13 13:14 - 2012-04-04 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-13 13:14 - 2009-07-14 06:45 - 00277584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 13:13 - 2012-05-15 13:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 13:13 - 2012-05-15 13:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 13:12 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 13:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 13:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 20:35 - 2012-03-20 20:49 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Mozilla
2013-07-11 20:29 - 2013-07-11 20:29 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-11 20:29 - 2013-07-11 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-11 20:15 - 2013-05-30 18:25 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Apple Computer
2013-07-11 19:54 - 2012-02-26 15:01 - 00000000 ____D C:\ProgramData\Skype
2013-07-11 19:53 - 2013-02-14 22:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-03 21:48 - 2013-07-03 21:48 - 00003876 _____ C:\Windows\System32\Tasks\Registration 1und1 Task
2013-07-03 20:45 - 2013-07-03 20:45 - 00000000 ____D C:\ProgramData\UUdb
2013-07-03 20:45 - 2013-05-21 18:52 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-06-30 14:41 - 2013-06-30 14:41 - 00000000 ____D C:\Users\Dennis\AppData\Local\{C92EA9FA-C31B-4172-9B08-B72A53D49253}
2013-06-30 12:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-24 14:27

==================== End Of Log ============================
         


The SystemLook file is too big and I don't know how I'm supposed to send the zip file.

30.07.2013, 23:22   #7
scar_curse

Virus on the machine, but the scanner does not detect it



I've now split it into two parts; I hope you can do something with that.

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 23:43 on 30/07/2013 by Dennis
Administrator - Elevation successful

No Context: *SoftwareUpdater*

No Context: *WsysControl*

No Context: *WsysSvc*

No Context: *SweetIM*

No Context: *WiseConvert*

No Context: *Web Assistant*

No Context: *Babylon*

No Context: *Conduit*

No Context: *Ilivid*

No Context: *PutLockerDownloader*

No Context: *Movie2KDownloader*

No Context: *DataMngr*

No Context: *Softonic*

========== folderfind ==========

Searching for "*qvo6*"
No folders found.

Searching for "*MyStart Search*"
No folders found.

Searching for "*Speedbit*"
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\SpeedBit	d------	[22:19 25/02/2012]

Searching for "*eSafe*"
C:\ProgramData\eSafe	d------	[11:52 26/07/2013]
C:\Users\All Users\eSafe	d------	[11:52 26/07/2013]

Searching for "*Conduit*"
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\Repository\conduit_CT3176986_CT3176986	d------	[13:21 22/04/2012]
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\Repository\conduit_CT3176986_en	d------	[13:21 22/04/2012]

Searching for "*Freemium*"
No folders found.

Searching for "*SearchPredict*"
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\SpeedBit\SearchPredict	d------	[22:19 25/02/2012]

Searching for "*SoftwareUpdater*"
No folders found.

Searching for "*WsysControl*"
No folders found.

Searching for "*WsysSvc*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_01fdf556	d----c-	[21:07 30/07/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0545c6c7	d----c-	[21:02 30/07/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0c05e85b	d----c-	[20:38 30/07/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0c11fc0a	d----c-	[20:35 30/07/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_1149e8c8	d----c-	[12:14 27/07/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_01fdf556	d----c-	[21:07 30/07/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0545c6c7	d----c-	[21:02 30/07/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0c05e85b	d----c-	[20:38 30/07/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_0c11fc0a	d----c-	[20:35 30/07/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_WsysSvc_bab66fdb7db2424a2e7c33dc471aa76953a928d_1149e8c8	d----c-	[12:14 27/07/2013]

Searching for "*SweetIM*"
No folders found.

Searching for "*WiseConvert*"
No folders found.

Searching for "*Web Assistant*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Conduit*"
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\Repository\conduit_CT3176986_CT3176986	d------	[13:21 22/04/2012]
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2\Repository\conduit_CT3176986_en	d------	[13:21 22/04/2012]

Searching for "*Ilivid*"
No folders found.

Searching for "*PutLockerDownloader*"
No folders found.

Searching for "*Movie2KDownloader*"
No folders found.

Searching for "*DataMngr*"
No folders found.

Searching for "*Softonic*"
No folders found.

========== regfind ==========

Searching for "qvo6"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="qvo6.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command]
@=""C:\Program Files (x86)\Opera\Opera.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Safari.exe\shell\open\command]
@=""C:\Program Files (x86)\Safari\Safari.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Opera\shell\open\command]
@=""C:\Program Files (x86)\Opera\Opera.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Safari.exe\shell\open\command]
@=""C:\Program Files (x86)\Safari\Safari.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9750423AS_5WS2X6ZFXXXX5WS2X6ZF&ts=1374839523"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="qvo6.com"

Searching for "MyStart Search"
No data found.

Searching for "Speedbit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SBCONVERT\Toolbar]
"toolbar_name"="SpeedBit Video Downloader"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.bab
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\SPEEDbit Video Downloader\TBU54\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter\command]
@=""C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\0\win32]
@="C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\HELPDIR]
@="C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\0\win32]
@="C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\HELPDIR]
@="C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\SPEEDbit Video Downloader\GRRemove.exe"="WINXPSP2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\0\win32]
@="C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\grabber.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\HELPDIR]
@="C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:1]
"0"="hxxp://home.speedbit.com/?pid=%s&aid=%s"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:1]
"1"="hxxp://home.speedbit.com/?pid=%s&aid=%s"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2]
"0"="hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2]
"1"="Speedbit"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2]
"2"="Speedbit"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2]
"3"="hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SBUpdate\2:1:2]
"4"="Speedbit"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\Video Converter]
"EXELOCATION"="C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\Video Downloader]
"EXELOCATION"="C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SBCONVERT\Toolbar]
"toolbar_name"="SpeedBit Video Downloader"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\SPEEDbit Video Downloader\TBU54\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\SPEEDbit Video Downloader\TBUCE\Converter.exe"="ELEVATECREATEPROCESS"

Searching for "eSafe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eSafeSecControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eSafeSecControl]
"pid"="eSafe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP13\environment]
"CreateSafeBankingShortcut"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl]
"UninstallString"="C:\ProgramData\eSafe\eGdpSvc.exe -unsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl]
"DisplayIcon"="C:\ProgramData\eSafe\eGdpSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WsysSvc]
"ImagePath"="C:\ProgramData\eSafe\eGdpSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WsysSvc]
"ImagePath"="C:\ProgramData\eSafe\eGdpSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WsysSvc]
"ImagePath"="C:\ProgramData\eSafe\eGdpSvc.exe"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.bab
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"URL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"FaviconURL"="hxxp://search.conduit.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186EE49B-1BF8-49F7-A35F-046C26B4AE41}]
"AppPath"="C:\Users\Dennis\AppData\Local\Conduit\CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1578829]
"Url"="hxxp://alerts.conduit-services.com/root/1584626/1578829/DE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1686465]
"Url"="hxxp://alerts.conduit-services.com/root/1694750/1686465/DE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="hxxp://alert.client.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="hxxp://alert.services.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="hxxp://alert.storage.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="hxxp://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="hxxp://alerts.conduit-services.com/translation/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"GroupingServerURL"="hxxp://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"UsageURL"="hxxp://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"PrivacyPageURL"="hxxp://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"DisplayTrusteSeal"="hxxp://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"ClientLogURL"="hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"UninstallURL"="hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"URL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"FaviconURL"="hxxp://search.conduit.com/favicon.ico"

Searching for "Freemium"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c4e103af_0]
@="{0.0.0.00000000}.{bcd4b308-07c4-4c5c-b6c5-e7fe6a9a61b2}|\Device\HarddiskVolume2\Program Files (x86)\Freemium\TubeBox\TubeBox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Freemium\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Freemium\SystemStore\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Freemium]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASMANCS]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c4e103af_0]
@="{0.0.0.00000000}.{bcd4b308-07c4-4c5c-b6c5-e7fe6a9a61b2}|\Device\HarddiskVolume2\Program Files (x86)\Freemium\TubeBox\TubeBox.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "SearchPredict"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit\SearchPredict]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit\SearchPredict]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit\SearchPredict]

Searching for "SoftwareUpdater"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\Nokia\Nokia Suite\plugins]
"SoftwareUpdater.dll"="40704 0 Windows msvc release full-config 2012-12-21T17:57:02"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\Nokia\Nokia Suite\plugins]
"SoftwareUpdater.dll"="40704 0 Windows msvc release full-config 2012-12-21T17:57:02"

Searching for "WsysControl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl]

Searching for "WsysSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\WsysSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WsysSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\WsysSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WsysSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WsysSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37AE9C22-CA3A-4F9E-89C7-274B171D4B4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\eSafe\eGdpSvc.exe|Name=WsysSvc|EmbedCtxt=WsysSvc|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WsysSvc]

Searching for "SweetIM"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SweetIM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\update\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\contentdb\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4]
"4340C4778499EED41AE496DC3D613EC6"="C?\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C]
"4340C4778499EED41AE496DC3D613EC6"="C?\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420]
"4340C4778499EED41AE496DC3D613EC6"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties]
"HelpLink"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties]
"URLInfoAbout"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6\InstallProperties]
"URLUpdateInfo"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16B9E514-4DE9-4E52-941E-8917DBD2307E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5A5A1C10-D408-4DC4-A2DF-8E9688D04CB2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16B9E514-4DE9-4E52-941E-8917DBD2307E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5A5A1C10-D408-4DC4-A2DF-8E9688D04CB2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16B9E514-4DE9-4E52-941E-8917DBD2307E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5A5A1C10-D408-4DC4-A2DF-8E9688D04CB2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SweetIM]
         

30.07.2013, 23:23   #8
scar_curse
 

Code:
Searching for "WiseConvert"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"DisplayName"="WiseConvert 1.3 Customized Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert 1.3 Toolbar]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1686465]
"Title"="WiseConvert 1.3 Notifications"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"WebServerUrl"="hxxp://WiseConvert13.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"DisplayName"="WiseConvert 1.3"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"BrowserOpenUrl"="hxxp://WiseConvert13.OurToolbar.com/SetupFinish"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings]
"HomePageUrl"="hxxp://www.wiseconvert.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings]
"RadioHelpUrl"="hxxp://WiseConvert13.OurToolbar.com/help/#2_5"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\BackHandStorage\http___wiseconvert_com_like_special_html]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"DisplayName"="WiseConvert 1.3 Customized Web Search"

Searching for "Web Assistant"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"product_name"="Web Assistant"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\Web Assistant\Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"="C:\Program Files\Web Assistant\Firefox"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Web Assistant]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"product_name"="Web Assistant"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Web Assistant]

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.bab
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.bab
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"URL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"FaviconURL"="hxxp://search.conduit.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186EE49B-1BF8-49F7-A35F-046C26B4AE41}]
"AppPath"="C:\Users\Dennis\AppData\Local\Conduit\CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1578829]
"Url"="hxxp://alerts.conduit-services.com/root/1584626/1578829/DE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1686465]
"Url"="hxxp://alerts.conduit-services.com/root/1694750/1686465/DE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="hxxp://alert.client.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="hxxp://alert.services.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="hxxp://alert.storage.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="hxxp://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="hxxp://alerts.conduit-services.com/translation/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"GroupingServerURL"="hxxp://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"UsageURL"="hxxp://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"PrivacyPageURL"="hxxp://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"DisplayTrusteSeal"="hxxp://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"ClientLogURL"="hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"UninstallURL"="hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar]
"AppsDetectionUrlPattern"="hxxp://appdownload.conduit.com/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\AppRegisterUsage]
"ServiceUrl"="hxxp://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\AppsMetaData]
"ServiceUrl"="hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\AppsSettings]
"ServiceUrl"="hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\AppTrackingFirstTime]
"ServiceUrl"="hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\AppTrackingUsage]
"ServiceUrl"="hxxp://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\AppUninstallUsage]
"ServiceUrl"="hxxp://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\BrowserToolbarsInfo]
"ServiceUrl"="hxxp://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ClientErrorLog]
"ServiceUrl"="hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\DynamicDialogs]
"ServiceUrl"="hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\GottenAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\HostingUsage]
"ServiceUrl"="hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\LocationService]
"ServiceUrl"="hxxp://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\OtherAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\RecoveryService]
"ServiceUrl"="hxxp://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\SearchInNewTabBlank]
"ServiceUrl"="hxxp://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\SearchSettings]
"ServiceUrl"="hxxp://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\SharedAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarAppComponentUsage]
"ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarAppUsage]
"ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarComponentUsage]
"ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarGrouping]
"ServiceUrl"="hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarHiddenLogin]
"ServiceUrl"="hxxp://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarHiddenSettings]
"ServiceUrl"="hxxp://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarHiddenSettingsForSB]
"ServiceUrl"="hxxp://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarLogin]
"ServiceUrl"="hxxp://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarSettings]
"ServiceUrl"="hxxp://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarSettingsForPublisher]
"ServiceUrl"="hxxp://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarSettingsForSB]
"ServiceUrl"="hxxp://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarSettingsPublisherForSB]
"ServiceUrl"="hxxp://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarTranslation]
"ServiceUrl"="hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarUninstall]
"ServiceUrl"="hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\ToolbarUsage]
"ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\UninstallDialog]
"ServiceUrl"="hxxp://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986\UninstallDialogUsage]
"ServiceUrl"="hxxp://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986_CT3176986]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\conduit_CT3176986_en]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\1184528413]
"dbname"="conduit_CT3176986_CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\1937116224]
"dbname"="conduit_CT3176986_CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\1949336188]
"dbname"="conduit_CT3176986_CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\216373863]
"dbname"="conduit_CT3176986_CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\2193882660]
"dbname"="conduit_CT3176986_CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\2557620898]
"dbname"="conduit_CT3176986_CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\2887160320]
"dbname"="conduit_CT3176986_en"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\3232681265]
"dbname"="conduit_CT3176986_CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\3408848799]
"dbname"="conduit_CT3176986_CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Repository\MetaData\458075172]
"dbname"="conduit_CT3176986_CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176986&amp;SearchSource=2&amp;q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\BackHandStorage\http___facebook_conduitapps_com_component_html_mode=2]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\BackHandStorage\http___storage_conduit_com_PS_ShoppingApp_V1_pgcb1_2_html_ctid=CT3176986]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="hxxp://search.conduit.com?SearchSource=10&amp;ctid=CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&amp;SearchSource=4&amp;ctid=CT3176986"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\MyStuff]
"AddStuffLink"="hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\RadioPlayer]
"ServerUrl"="hxxp://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Update]
"ModuleURL"="hxxp://ieupdate.conduit.com/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Upgrade]
"ModuleURL"="hxxp://ieupgrade.conduit-download.com/IEUpgrade/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Weather]
"SearchServerUrl"="hxxp://search.conduit.com/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2\toolbar\Settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>GMXX0027</LOCATION_ID><DAYS><DAY1><DATE>20120621</DATE><DAY>Thursday</DAY><F_MIN>55</F_MIN><F_MAX>76</F_MAX><C_MIN>12</C_MIN><C_MAX>24</C_MAX><UV_DESCRIPTION>High</UV_DESCRIPTION><UV_INDEX>7</UV_INDEX><SUNSET>9:54 pm</SUNSET><SUNRISE>5:16 am</SUNRISE><MOONRISE>7:11 am</MOONRISE><MOONSET>10:50 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Thunderstorm</CONDITION_DESCRIPTION><CONDITION_ICON>hxxp://weather.conduit.com/images/weather/Default/thunderstorm_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120622</DATE><DAY>Friday</DAY><F_MIN>57</F_MIN><F_MAX>68</F_MAX><C_MIN>13</C_MIN><C_MAX>20</C_MAX><UV_DESCRIPTION>High</UV_DESCRIPTION><UV_INDEX>7</UV_INDEX><SUNSET>9:54 pm</SUNSET><SUNRISE>5:16 am</SUNRISE><MOONRISE>8:19 am</MOONRISE><MOONSET>11:17 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>S
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"GroupingServerURL"="hxxp://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"UsageURL"="hxxp://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"PrivacyPageURL"="hxxp://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"DisplayTrusteSeal"="hxxp://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"ClientLogURL"="hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"UninstallURL"="hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar]
"AppsDetectionUrlPattern"="hxxp://appdownload.conduit.com/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ABTestUsage]
"ServiceUrl"="hxxp://tb-test.conduit-data.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppRegisterUsage]
"ServiceUrl"="hxxp://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppsMetaData]
"ServiceUrl"="hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppsSettings]
"ServiceUrl"="hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppTrackingFirstTime]
"ServiceUrl"="hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppTrackingUsage]
"ServiceUrl"="hxxp://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\AppUninstallUsage]
"ServiceUrl"="hxxp://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\BrowserToolbarsInfo]
"ServiceUrl"="hxxp://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ClientErrorLog]
"ServiceUrl"="hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\DynamicDialogs]
"ServiceUrl"="hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\GottenAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\HostingUsage]
"ServiceUrl"="hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\LocationService]
"ServiceUrl"="hxxp://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\OtherAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\RecoveryService]
"ServiceUrl"="hxxp://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\SearchInNewTabBlank]
"ServiceUrl"="hxxp://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\SearchSettings]
"ServiceUrl"="hxxp://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\SharedAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarAppComponentUsage]
"ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarAppUsage]
"ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarComponentUsage]
"ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarGrouping]
"ServiceUrl"="hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarHiddenLogin]
"ServiceUrl"="hxxp://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarHiddenSettings]
"ServiceUrl"="hxxp://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarHiddenSettingsForSB]
"ServiceUrl"="hxxp://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarLogin]
"ServiceUrl"="hxxp://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarSettings]
"ServiceUrl"="hxxp://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarSettingsForPublisher]
"ServiceUrl"="hxxp://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarSettingsForSB]
"ServiceUrl"="hxxp://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarSettingsPublisherForSB]
"ServiceUrl"="hxxp://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarTranslation]
"ServiceUrl"="hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarUninstall]
"ServiceUrl"="hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\ToolbarUsage]
"ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\UninstallDialog]
"ServiceUrl"="hxxp://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337\UninstallDialogUsage]
"ServiceUrl"="hxxp://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337_CT3242337]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\conduit_CT3242337_de]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\1479446183]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\1505242532]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\176242965]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\2198161339]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\2358789027]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\2385328035]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\2405949718]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\3381618689]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\4022910144]
"dbname"="conduit_CT3242337_de"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\408928033]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\531889087]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Repository\MetaData\848826655]
"dbname"="conduit_CT3242337_CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3242337&SearchSource=2&q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\BackHandStorage\http___storage_conduit_com_PS_ShoppingApp_V1_pgcb1_2_html_ctid=CT3242337]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="hxxp://search.conduit.com?SearchSource=10&amp;ctid=CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&amp;SearchSource=4&amp;ctid=CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\MyStuff]
"AddStuffLink"="hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\RadioPlayer]
"ServerUrl"="hxxp://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Update]
"ModuleURL"="hxxp://ieupdate.conduit.com/ver6.9.0.16/tbedrs.dll"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Upgrade]
"ModuleURL"="hxxp://ieupgrade.conduit-download.com/IEUpgrade/ver6.9.0.16/tbedrs.dll"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Weather]
"SearchServerUrl"="hxxp://search.conduit.com/"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3\toolbar\Settings\Weather\de]
"Forecast"="<FORECAST><LOCATION_ID>GMXX0128</LOCATION_ID><DAYS><DAY1><DATE>20120816</DATE><DAY>Donnerstag</DAY><F_MIN>58</F_MIN><F_MAX>77</F_MAX><C_MIN>14</C_MIN><C_MAX>25</C_MAX><UV_DESCRIPTION>Hoch</UV_DESCRIPTION><UV_INDEX>7</UV_INDEX><SUNSET>8:36 pm</SUNSET><SUNRISE>6:18 am</SUNRISE><MOONRISE>4:59 am</MOONRISE><MOONSET>7:34 pm</MOONSET><MOON_PHASE>Abnehmender Halbmond</MOON_PHASE><CONDITION_DESCRIPTION>Meistens sonnig</CONDITION_DESCRIPTION><CONDITION_ICON>hxxp://weather.conduit.com/images/weather/Default/sunny_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120817</DATE><DAY>Freitag</DAY><F_MIN>60</F_MIN><F_MAX>84</F_MAX><C_MIN>15</C_MIN><C_MAX>28</C_MAX><UV_DESCRIPTION>Hoch</UV_DESCRIPTION><UV_INDEX>6</UV_INDEX><SUNSET>8:34 pm</SUNSET><SUNRISE>6:19 am</SUNRISE><MOONRISE>6:09 am</MOONRISE><MOONSET>8:01 pm</MOONSET><MOON_PHASE>Neu</MOON_PHASE><CONDITION_DESCRIPTION>Sonnig</CON
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"URL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D}]
"FaviconURL"="hxxp://search.conduit.com/favicon.ico"

Searching for "Ilivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e73434e_0]
@="{0.0.0.00000000}.{bcd4b308-07c4-4c5c-b6c5-e7fe6a9a61b2}|\Device\HarddiskVolume2\Program Files (x86)\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e73434e_0]
@="{0.0.0.00000000}.{bcd4b308-07c4-4c5c-b6c5-e7fe6a9a61b2}|\Device\HarddiskVolume2\Program Files (x86)\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]

Searching for "PutLockerDownloader"
No data found.

Searching for "Movie2KDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn]
"path"="C:\Program Files (x86)\Movie2KDownloader.com\m2kDownloader10.crx"

Searching for "DataMngr"
No data found.

Searching for "Softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isearch.bab
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_blackList"="form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic-tbsbox-en-us|src=tlbvw|sap=tr|src=1|/toolbar|SearchSource=1|SearchSource=44|qsrc=2871|babsrc=TB_def|||8641375132985905"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASMANCS]
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q"
[HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant\script_storage]
"WSG_blackList"="form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic-tbsbox-en-us|src=tlbvw|sap=tr|src=1|/toolbar|SearchSource=1|SearchSource=44|qsrc=2871|babsrc=TB_def|||8641375132985905"

-= EOF =-
         

31.07.2013, 07:29   #9
M-K-D-B
/// TB Trainer

Hi,

you ran SystemLook only partly correctly... you forgot the ":filefind" parameter... so once more, right away:



  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :filefind
    *qvo6*
    *MyStart Search*
    *Speedbit*
    *eSafe*
    *Conduit*
    *Freemium*
    *SearchPredict*
    *SoftwareUpdater*
    *WsysControl*
    *WsysSvc*
    *SweetIM*
    *WiseConvert*
    *Web Assistant*
    *Babylon*
    *Conduit*
    *Ilivid*
    *PutLockerDownloader*
    *Movie2KDownloader*
    *DataMngr*
    *Softonic*
             
  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.
__________________
Greetings from Bavaria
M-K-D-B

31.07.2013, 11:05   #10
scar_curse

Sorry, here is the new file

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 11:58 on 31/07/2013 by Dennis
Administrator - Elevation successful

========== filefind ==========

Searching for "*qvo6*"
C:\Users\Dennis\AppData\Local\Temp\is1326335552\cor_ar_201374152420_qvo6.exe	------- 200272 bytes	[13:47 09/07/2013]	[13:47 09/07/2013] 7B38A382E58F264F4F8A00FD9407BF49
C:\Windows\Prefetch\COR_AR_201374152420_QVO6.EXE-554ED458.pf	--a---- 44342 bytes	[11:51 26/07/2013]	[11:51 26/07/2013] A6158BE766B4DE695EF5803F79700BA3

Searching for "*MyStart Search*"
No files found.

Searching for "*Speedbit*"
No files found.

Searching for "*eSafe*"
No files found.

Searching for "*Conduit*"

Searching for "*Freemium*"
No files found.

Searching for "*SearchPredict*"
No files found.

Searching for "*SoftwareUpdater*"
No files found.

Searching for "*WsysControl*"
No files found.

Searching for "*WsysSvc*"
No files found.

Searching for "*SweetIM*"
No files found.

Searching for "*WiseConvert*"
No files found.

Searching for "*Web Assistant*"
No files found.

Searching for "*Babylon*"
C:\Users\Dennis\AppData\Local\Temp\7929228B-BAB0-7891-918E-CBACB342CCF0\MyBabylonTB.exe	--a---- 1953504 bytes	[12:56 08/04/2013]	[12:56 08/04/2013] 8579A1F1CA46DAAD932A147F7AFCED5C
C:\Users\Dennis\Videos\Aktion\Babylon A.D..flv	--a---- 367082590 bytes	[12:49 26/07/2012]	[13:04 26/07/2012] 9DA92BE87E07702E34E4EC75D2DA2D87

Searching for "*Conduit*"

Searching for "*Ilivid*"
No files found.

Searching for "*PutLockerDownloader*"
No files found.

Searching for "*Movie2KDownloader*"
No files found.

Searching for "*DataMngr*"
No files found.

Searching for "*Softonic*"
C:\Users\Dennis\Downloads\SoftonicDownloader_fuer_meboy.exe	--a---- 313928 bytes	[13:07 12/03/2012]	[13:07 12/03/2012] 2D20F8BD571E0D415DC6FF4DF867E20D

Searching for "         "
No files found.

-= EOF =-
         

31.07.2013, 14:59   #11
M-K-D-B
/// TB Instructor

Hello,

we will remove the last remnants and check everything once more:

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
start
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
SearchScopes: HKCU - {C2798CF1-011A-4461-AD6B-DB704AB54A9D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
BHO-x32: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech)
C:\Program Files (x86)\LyriXeeker
BHO-x32: Game Master 2.2 Toolbar - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
C:\Program Files (x86)\Game_Master_2.2
Toolbar: HKLM-x32 - Game Master 2.2 Toolbar - {d8215d9c-81ed-4e53-b420-bfcdbac4734d} - C:\Program Files (x86)\Game_Master_2.2\prxtbGame.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D8215D9C-81ED-4E53-B420-BFCDBAC4734D} -  No File
FF Extension: m2k - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
C:\Program Files\Web Assistant
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi
FF Extension: No Name - C:\Program Files (x86)\LyriXeeker\125.xpi
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [376896 2013-07-26] (Wsys Co., Ltd.)
C:\ProgramData\eSafe
Task: {3AD4A51E-CA5E-4F21-B0E9-27D498D67BBA} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\Freemium\SystemStore\SoftwareUpdater.Ui.exe
Task: {59E0D563-FCD2-4E9D-A571-1B3EF1C12EC2} - System32\Tasks\SBWUpdateTask_Logon_f82dc085-74DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe
Task: {648B735B-2980-44BB-A6CC-72BFDCA33E39} - System32\Tasks\SBWUpdateTask_Logon_f82dc085-72DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe
Task: {69DF53D2-2F33-4258-A8DE-4324F3474211} - System32\Tasks\4790
Task: {6F96ADF5-13C6-4F37-8E78-1ABBBB3A2A3A} - System32\Tasks\Software Updater => C:\Program Files (x86)\Freemium\SystemStore\SoftwareUpdater.Bootstrapper.exe
Task: {77CC950E-D0BC-45EF-984C-062BC44453E9} - System32\Tasks\SBWUpdateTask_Time_f82dc085-72DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe
Task: {9FB4123A-75EA-4F5E-9C3F-F6537272089B} - System32\Tasks\SBWUpdateTask_Time_f82dc085-74DE2BF09AD1 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe
Task: {CFF59FC2-5C13-45B8-A38C-656C9A6900DD} - System32\Tasks\LyricXeeker Update => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2
C:\Users\Dennis\Downloads\SoftonicDownloader_fuer_meboy.exe
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SBCONVERT" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eSafeSecControl" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186EE49B-1BF8-49F7-A35F-046C26B4AE41}" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Freemium" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\WsysSvc" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WsysSvc" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SweetIM" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert 1.3 Toolbar" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASMANCS" /f
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Remove (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the threat scan (Bedrohungssuchlauf) and click Start scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.






Step 3

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" (Ja, ich bin mit den Nutzungsbedingungen einverstanden) and click Start (Starten).
  • Enable "Detection of potentially unwanted applications" (Erkennung von eventuell unerwünschten Anwendungen) and choose the following settings.
  • Click Start (Starten).
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish (Fertig stellen).
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset






Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.





With your next reply, please post
  • the log file from FRST,
  • the log file from MBAM,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Greetings from Bavaria
M-K-D-B


Last edited by M-K-D-B (31.07.2013 at 15:12)

31.07.2013, 18:24   #12
scar_curse



Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by Dennis at 2013-07-31 16:18:12 Run:1
Running from C:\Users\Dennis\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C2798CF1-011A-4461-AD6B-DB704AB54A9D} => Key deleted successfully.
HKCR\CLSID\{C2798CF1-011A-4461-AD6B-DB704AB54A9D} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E58097-6CA5-448B-830F-2A19678248FB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{17E58097-6CA5-448B-830F-2A19678248FB} => Key deleted successfully.
C:\Program Files (x86)\LyriXeeker => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8215d9c-81ed-4e53-b420-bfcdbac4734d} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d8215d9c-81ed-4e53-b420-bfcdbac4734d} => Key deleted successfully.
C:\Program Files (x86)\Game_Master_2.2 => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d8215d9c-81ed-4e53-b420-bfcdbac4734d} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{d8215d9c-81ed-4e53-b420-bfcdbac4734d} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D8215D9C-81ED-4E53-B420-BFCDBAC4734D} => Value deleted successfully.
HKCR\CLSID\{D8215D9C-81ED-4E53-B420-BFCDBAC4734D} => Key not found.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => Value deleted successfully.
"C:\Program Files\Web Assistant" => File/Directory not found.
HKCU\Software\Mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co => Value deleted successfully.
C:\Program Files (x86)\LyriXeeker\125.xpi not found.
WsysSvc => Service deleted successfully.
C:\ProgramData\eSafe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3AD4A51E-CA5E-4F21-B0E9-27D498D67BBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AD4A51E-CA5E-4F21-B0E9-27D498D67BBA} => Key not found.
C:\Windows\System32\Tasks\Software Updater Ui => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59E0D563-FCD2-4E9D-A571-1B3EF1C12EC2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59E0D563-FCD2-4E9D-A571-1B3EF1C12EC2} => Key not found.
C:\Windows\System32\Tasks\SBWUpdateTask_Logon_f82dc085-74DE2BF09AD1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_f82dc085-74DE2BF09AD1 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{648B735B-2980-44BB-A6CC-72BFDCA33E39} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{648B735B-2980-44BB-A6CC-72BFDCA33E39} => Key not found.
C:\Windows\System32\Tasks\SBWUpdateTask_Logon_f82dc085-72DE2BF09AD1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_f82dc085-72DE2BF09AD1 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69DF53D2-2F33-4258-A8DE-4324F3474211} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69DF53D2-2F33-4258-A8DE-4324F3474211} => Key not found.
C:\Windows\System32\Tasks\4790 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4790 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F96ADF5-13C6-4F37-8E78-1ABBBB3A2A3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F96ADF5-13C6-4F37-8E78-1ABBBB3A2A3A} => Key not found.
C:\Windows\System32\Tasks\Software Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77CC950E-D0BC-45EF-984C-062BC44453E9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77CC950E-D0BC-45EF-984C-062BC44453E9} => Key not found.
C:\Windows\System32\Tasks\SBWUpdateTask_Time_f82dc085-72DE2BF09AD1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_f82dc085-72DE2BF09AD1 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FB4123A-75EA-4F5E-9C3F-F6537272089B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FB4123A-75EA-4F5E-9C3F-F6537272089B} => Key not found.
C:\Windows\System32\Tasks\SBWUpdateTask_Time_f82dc085-74DE2BF09AD1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_f82dc085-74DE2BF09AD1 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFF59FC2-5C13-45B8-A38C-656C9A6900DD} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFF59FC2-5C13-45B8-A38C-656C9A6900DD} => Key not found.
C:\Windows\System32\Tasks\LyricXeeker Update => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricXeeker Update => Key not found.
C:\Windows\Tasks\LyricXeeker Update.job => Moved successfully.
C:\Users\Dennis\AppData\LocalLow\Game_Master_2.2 => Moved successfully.
C:\Users\Dennis\Downloads\SoftonicDownloader_fuer_meboy.exe => Moved successfully.

========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SBCONVERT" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SpeedBit" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\SpeedBit" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eSafeSecControl" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186EE49B-1BF8-49F7-A35F-046C26B4AE41}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Conduit" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\Game_Master_2.2" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-1358336353-1735679166-2578516172-1000\Software\AppDataLow\Software\WiseConvert_1.3" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Freemium" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASAPI32" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freemium_RASMANCS" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\WsysSvc" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WsysSvc" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\SweetIM" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASAPI32" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\sweetimsetup_RASMANCS" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASAPI32" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_1_RASMANCS" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert 1.3 Toolbar" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358336353-1735679166-2578516172-1001\Software\Web Assistant" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASAPI32" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASMANCS" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASAPI32" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASMANCS" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


==== End of Fixlog ====
         
MBAM

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Dennis :: DENNIS-PC [Administrator]

Schutz: Aktiviert

31.07.2013 16:23:12
mbam-log-2013-07-31 (16-23-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237569
Laufzeit: 3 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\ProgramData\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dennis\AppData\Local\Temp\75B3.tmp (PUP.Browser.Defender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dennis\AppData\Local\Temp\ICReinstall_setup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dennis\AppData\Local\Temp\is1326335552\426239888_Setup.EXE (PUP.Optional.AddLyrics) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dennis\AppData\Local\Temp\is1326335552\cor_ar_201374152420_qvo6.exe (PUP.Optional.Elex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\41b7b78.msi (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The rest will follow in about 2 to 2.5 hours, unfortunately I have to leave.

The ESET scan has been running for 45 minutes and is only at 33%, so it may take a while yet.

Eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a3f2041721fcc84ebd103bb49d650bdf
# engine=14602
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-31 05:01:38
# local_time=2013-07-31 07:01:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 99 5528 30056420 0 0
# compatibility_mode=5893 16776573 100 94 70959 126919948 0 0
# scanned=137460
# found=5
# cleaned=0
# scan_time=3589
sh=A6C90300B0C5D148766FA2247944CB5FE7E9580C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\ADDICT-THING\background.html"
sh=704E5C89979080D0043F3D8B8FC7706201A2BF79 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\ADDICT-THING\bjoffdcclipgdeidjnnlgciddhajlfni.crx"
sh=A6C90300B0C5D148766FA2247944CB5FE7E9580C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\ADDICT-THING\background.html"
sh=704E5C89979080D0043F3D8B8FC7706201A2BF79 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\ADDICT-THING\bjoffdcclipgdeidjnnlgciddhajlfni.crx"
sh=130A7A0878304F8F4FFF433096F4D0E399193D16 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.CU trojan" ac=I fn="C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1d7715f7-4e4aa16b"
         
Security Check

Code:
Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 35  
 Java version out of Date! 
  Adobe Flash Player 11.3.300.262 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
 Google Chrome 23.0.1271.97  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

31.07.2013, 18:32   #13
M-K-D-B
/// TB-Ausbilder



Hello,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
C:\ProgramData\ADDICT-THING
C:\Users\All Users\ADDICT-THING
C:\ProgramData\OptimizerPro1
C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.









If you have no more problems, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.





Step 1
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here:
    Java Download (32 bit)
    Java Download (64 bit)
  • Save the file to your desktop.
  • Close all running programs, especially your browser.
  • Start the file. It will install the latest Java version (Java 7 Update 25).
  • Uncheck "Install the Ask Toolbar ..." during the installation.
  • When the installation has finished:
    Start --> Control Panel --> Programs, and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
Quick plugin test: PluginCheck





Step 2
Your version of Adobe Flash Player is outdated.
Please follow these steps to update Adobe Flash:
  • Please visit this Adobe page.
  • Select your operating system and your internet browser ("Internet Explorer", or "other" for Firefox, for example).
  • If applicable, uncheck the box for Google Chrome or McAfee Security Scan.
  • Install the latest version on your computer.





Step 3
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.







Step 4
Finally, I have a few tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Anti-virus software
  • Make sure that you only ever have one anti-virus program installed and that it is up to date!


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.


Performance
Clean your temp files regularly. For this I recommend TFC


Stay away from registry cleaners.
These harm your system more than they help. Here is a link in English:
Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.



Now all that remains for me is to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?


Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Greetings from Bavaria
M-K-D-B
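
Added example, not part of the original posts and not code from ESET or the forum: a small triage of the ESET Online Scanner log posted in #12, which groups the detection lines by file hash and lists the folders they sit in. The function names are hypothetical, and the field meanings (sh = file hash, vn = detection name, fn = path, unwanted_checked = the "potentially unwanted applications" option) are assumptions read off the log itself.

```python
import ntpath
import re

# Header and detection lines copied from the ESET log posted in this thread.
ESET_LOG = r'''
# unwanted_checked=false
# scanned=137460
# found=5
# cleaned=0
sh=A6C90300B0C5D148766FA2247944CB5FE7E9580C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\ADDICT-THING\background.html"
sh=704E5C89979080D0043F3D8B8FC7706201A2BF79 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\ADDICT-THING\bjoffdcclipgdeidjnnlgciddhajlfni.crx"
sh=A6C90300B0C5D148766FA2247944CB5FE7E9580C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\ADDICT-THING\background.html"
sh=704E5C89979080D0043F3D8B8FC7706201A2BF79 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\ADDICT-THING\bjoffdcclipgdeidjnnlgciddhajlfni.crx"
sh=130A7A0878304F8F4FFF433096F4D0E399193D16 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.CU trojan" ac=I fn="C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1d7715f7-4e4aa16b"
'''

# key=value pairs; a value is either a quoted string (may contain spaces) or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEADER = re.compile(r'#\s*(\w+)=(.*)')
CVE = re.compile(r'CVE-\d{4}-\d{4,}')


def parse_eset_log(text):
    """Split the log into header settings ('# key=value') and detection records."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            m = HEADER.match(line)
            if m:
                header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            rec = {}
            for m in FIELD.finditer(line):
                quoted, bare = m.group(2), m.group(3)
                rec[m.group(1)] = quoted if quoted is not None else bare
            detections.append(rec)
    return header, detections


def triage(text):
    """Summarise the log: unique files by hash, CVE ids in detection names, folders."""
    header, detections = parse_eset_log(text)
    by_hash = {}
    for det in detections:
        entry = by_hash.setdefault(
            det["sh"],
            {"name": det["vn"], "cves": CVE.findall(det["vn"]), "paths": []},
        )
        entry["paths"].append(det["fn"])
    # ntpath handles Windows paths correctly even when this runs on Linux or macOS.
    folders = sorted({ntpath.dirname(det["fn"]) for det in detections})
    return {
        "reported": int(header.get("found", len(detections))),
        "cleaned": int(header.get("cleaned", 0)),
        "parsed": len(detections),
        "unique_files": len(by_hash),
        "by_hash": by_hash,
        "folders": folders,
        # Assumption: this header field mirrors the PUA option in the scanner dialog.
        "pua_scan_enabled": header.get("unwanted_checked") == "true",
    }


if __name__ == "__main__":
    result = triage(ESET_LOG)
    print("reported:", result["reported"], "cleaned:", result["cleaned"],
          "unique files:", result["unique_files"])
    for sha, info in result["by_hash"].items():
        print(sha, info["name"], info["cves"] or "", len(info["paths"]), "path(s)")
    for folder in result["folders"]:
        print("folder:", folder)
```

The five reported detections collapse to three distinct files: on Windows 7, C:\Users\All Users is a link to C:\ProgramData, which matches the second Fixlog in this thread reporting the All Users path as not found once the ProgramData folder had been moved.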


31.07.2013, 18:59   #14
scar_curse



Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by Dennis at 2013-07-31 19:34:54 Run:2
Running from C:\Users\Dennis\Desktop
Boot Mode: Normal
==============================================

C:\ProgramData\ADDICT-THING => Moved successfully.
"C:\Users\All Users\ADDICT-THING" => File/Directory not found.
C:\ProgramData\OptimizerPro1 => Moved successfully.
C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => Moved successfully.

==== End of Fixlog ====
         
Small problem....


I used Defogger but can no longer find the exe file, only the text file. But I am 100% sure I saved Defogger on the desktop.

31.07.2013, 19:04   #15
M-K-D-B
/// TB-Ausbilder



Hello,

Quote:
Quote from scar_curse
Small problem....

I used Defogger but can no longer find the exe file, only the text file. But I am 100% sure I saved Defogger on the desktop.

Never mind, just carry on.

If DeFogger is still present, it is usually deleted by DelFix.
__________________
Greetings from Bavaria
M-K-D-B
