
Log analysis and evaluation: www_getwindowinfo

25.09.2013, 17:12   #1
RonnyP
 



Hello,

I have the following problem: after my PC has booted, my Internet Explorer opens (which has now finally found its reason to exist, since I never use it) with the URL: hxxp://www_getwindowinfo/

Just to add briefly: this is the first time I have had problems like this, and until now I had never thought about scanning for malware or the like.

Now I may have been a bit hasty: I googled the problem and found advice that I should, for example, download Malwarebytes Anti-Malware and remove all findings. I did that. Here is the log file.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.24.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ronny Peterson :: RONNYPETERSO-PC [Administrator]

24.09.2013 17:53:11
mbam-log-2013-09-24 (17-53-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240107
Laufzeit: 1 Stunde(n), 57 Minute(n), 4 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\CLSID\{11111111-1111-1111-1111-110311901130} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440344904430} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550355905530} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0039030.BHO.1 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311901130} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311901130} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0039030.BHO (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 15
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\DealPly\uninst.exe (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bg.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.8\utils.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Visions\updater.exe (Trojan.Dropper.PGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ronny Peterson\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe (Adware.Packed.Ranver) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\FreeYouTubeToMP3Converter (1).exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Unfortunately, the first time it hung / became more and more sluggish. So I aborted the scan and deleted all findings. I restarted the PC and restarted the scan as well. This time I ran a full scan and let it work overnight.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.24.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ronny Peterson :: RONNYPETERSO-PC [Administrator]

24.09.2013 20:42:23
mbam-log-2013-09-24 (20-42-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455403
Laufzeit: 8 Stunde(n), 3 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Now it shows me 0 findings, but the problem is still there. Should I run a quick scan again?? Or run something else.
Please help me

Thanks
Ronny

25.09.2013, 17:13   #2
M-K-D-B
/// TB Trainer
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until all illegal software has been removed from the computer.
  • Please work through all steps one after another in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • All programs to be used must be saved to the desktop and started from there!
    I can never guarantee that I will find everything. Reformatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.



I am working on your topic and will get back to you as soon as possible with further instructions.

25.09.2013, 17:13   #3
M-K-D-B
/// TB Trainer
 



Hello,

First, please run an analysis:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Untersuchen (Scan).
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

25.09.2013, 17:26   #4
RonnyP
 



OK, thanks a lot for now.

Here are the FRST.txt and the Addition.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by Ronny Peterson (administrator) on RONNYPETERSO-PC on 25-09-2013 17:20:57
Running from C:\Users\Ronny Peterson\Desktop
Windows Vista (TM) Ultimate Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Windows Net) C:\Users\Ronny Peterson\AppData\Roaming\Windows Net Data\net.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
() C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Devguru Co., Ltd.) C:\Windows\system32\dgdersvc.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\KiesKiesTrayAgent.exe
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-18] (Google Inc.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-09-30] (AMD)
HKCU\...\Run: [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
MountPoints2: {963817a1-a6f2-11e1-87c8-00ff01000001} - I:\LaunchU3.exe -a
MountPoints2: {d901d06a-808f-11e0-8422-1c6f653f315f} - J:\LaunchU3.exe -a
MountPoints2: {e710ad4e-7bde-11e0-9d14-806e6f6e6963} - E:\Run.exe
HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-02-27] ()
HKLM-x32\...\Run: [3170 Scan2PC] - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe [503808 2009-01-30] ()
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TQ566808] - "E:\Setup.exe"
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\Mcx2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx2\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Ronny Peterson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Ronny Peterson\AppData\Roaming\Windows Net Data\net.exe (Windows Net)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6PQXp1nRZk&i=26
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {AC174D10-1FA5-4815-8670-2400D0EFD32B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0ECA8654-1F0A-4E7E-8900-473F20FADF5E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=ce351a6000000000000000ff01000001
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=b864e85e-d9c9-402a-8ce7-541e91b55614&apn_sauid=CA0D3DAF-0A27-4CB2-98A1-E7A4BD93D86B
SearchScopes: HKCU - {33BFCA99-B28F-4F7A-89A9-D1B64237B8FE} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
SearchScopes: HKCU - {50B6F626-ADC1-4a7c-867E-3C13E2F55EE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
SearchScopes: HKCU - {AC174D10-1FA5-4815-8670-2400D0EFD32B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQXp1nRZk&i=26
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Web Check - {E155F23C-9931-47c6-A619-20E6FCA86D75} - C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -  No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663
FF DefaultSearchEngine: DVDVideoSoftTB DE Customized Web Search
FF SelectedSearchEngine: DVDVideoSoftTB DE Customized Web Search
FF Homepage: hxxp://www.google.de
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN47969287493718105&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ronny Peterson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ronny Peterson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\searchplugins\dvdvideosofttb-de-customized-web-search.xml
FF SearchPlugin: C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\searchplugins\MyStart Search.xml
FF Extension: No Name - C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
FF Extension: pricealarm - C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: Address Bar Search - C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{52b0f3db-f988-4788-b9dc-861d016f4487}] - C:\Program Files (x86)\Web Check\WebCheck.xpi
FF Extension: No Name - C:\Program Files (x86)\Web Check\WebCheck.xpi

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=48
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Ronny Peterson\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (DVDVideoSoftTB DE) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.19.2.505_0
CHR Extension: (YouTube) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Web Check) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dacechnliklhcacondhhkkfobapdopee\0.1_0
CHR Extension: () - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.578_0
CHR Extension: (SweetIM for Facebook) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0
CHR Extension: (New tab for Chrome\u2122) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Plus-HD-3.8) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0
CHR Extension: (Gmail) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [bhphemoobgnikcoofkgackkaimpfmenm] - C:\Users\Ronny Peterson\AppData\Local\CRE\bhphemoobgnikcoofkgackkaimpfmenm.crx
CHR HKLM-x32\...\Chrome\Extension: [dacechnliklhcacondhhkkfobapdopee] - C:\Program Files (x86)\Web Check\WebCheck.crx
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 dgdersvc; C:\Windows\system32\dgdersvc.exe [119632 2010-09-06] (Devguru Co., Ltd.)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [678416 2012-12-17] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-28] ()
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [472448 2008-04-29] (AfaTech                  )
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc)
R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-08-03] (Turtle Entertainment GmbH)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [160784 2012-12-17] (<Turtle Entertainment>)
S3 etdrv; C:\Windows\etdrv.sys [25640 2011-06-26] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2011-06-26] (Windows (R) Server 2003 DDK provider)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-25] (Windows (R) Server 2003 DDK provider)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-25] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-07-01] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-07-01] ()
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-02-18] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 LGBusEnum; system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid; system32\drivers\LGVirHid.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 [verify-U]_System; system32\drivers\[verify-U]-driver.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-25 17:20 - 2013-09-25 17:20 - 01955802 _____ (Farbar) C:\Users\Ronny Peterson\Desktop\FRST64.exe
2013-09-25 17:20 - 2013-09-25 17:20 - 00000000 ____D C:\FRST
2013-09-25 06:35 - 2013-09-25 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-24 17:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-23 20:45 - 2013-09-23 20:45 - 00000040 _____ C:\Autoconfig.ini
2013-09-23 20:44 - 2013-06-01 07:13 - 01571160 ____N C:\Windows\TotalUninstaller.exe
2013-09-23 20:44 - 2013-05-10 11:48 - 00162136 _____ C:\Windows\system32\spe__ci.exe
2013-09-23 20:44 - 2012-11-17 10:28 - 00000357 _____ C:\Windows\system32\spe__l.smt
2013-09-23 20:44 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\system32\spe__l.dll
2013-09-23 20:44 - 2010-10-20 10:46 - 00089600 _____ (SS) C:\Windows\system32\spe__ci.dll
2013-09-23 20:43 - 2013-09-23 20:43 - 00000000 ____D C:\Windows\twain_64
2013-09-23 20:43 - 2010-10-06 11:04 - 00142128 _____ C:\Windows\wiainst64.exe
2013-09-23 20:42 - 2010-05-20 14:08 - 00280064 _____ (Samsung Electronics) C:\Windows\system32\snWIAMUI.dll
2013-09-23 20:42 - 2010-04-20 17:20 - 00084592 _____ C:\Windows\system32\WIAEXSTR.loc
2013-09-23 20:42 - 2010-01-19 12:58 - 00160272 _____ (TWAIN Working Group) C:\Windows\system32\TWAINDSM.dll
2013-09-23 20:42 - 2010-01-19 12:57 - 00143896 _____ (TWAIN Working Group) C:\Windows\SysWOW64\TWAINDSM.dll
2013-09-23 20:41 - 2010-10-21 13:46 - 00207872 _____ C:\Windows\system32\SNWIAUI.dll
2013-09-23 20:41 - 2010-10-21 10:22 - 00709632 _____ C:\Windows\system32\SnMinDrv.dll
2013-09-23 20:41 - 2010-10-21 10:22 - 00163840 _____ C:\Windows\system32\SnImgFlt.dll
2013-09-23 20:41 - 2010-10-21 10:22 - 00103424 _____ C:\Windows\system32\SnErHdlr.dll
2013-09-23 20:37 - 2013-09-23 20:37 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-09-23 20:37 - 2013-09-23 20:37 - 00000000 ____D C:\cpqsystem
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\2C0A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0C0A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0C04
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0816
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0804
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0424
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041F
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041E
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041D
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041B
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0419
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0416
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0415
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0414
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0413
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0412
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0411
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0410
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040E
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040D
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040C
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040B
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0409
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0408
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0406
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0405
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0404
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0401
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2013-09-23 20:28 - 2013-09-24 17:36 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Windows Net Data
2013-09-23 20:28 - 2013-09-23 20:28 - 00004146 _____ C:\Windows\System32\Tasks\FreeDriverScout
2013-09-23 20:28 - 2013-09-23 20:28 - 00000000 ____D C:\ProgramData\FreeDriverScout
2013-09-23 20:28 - 2013-09-23 20:28 - 00000000 ____D C:\ProgramData\FreeDriverScout
2013-09-23 20:28 - 2013-09-23 20:28 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-09-23 20:26 - 2013-09-25 16:51 - 00000000 ____D C:\Program Files\SoftwareUpdater
2013-09-23 20:26 - 2013-09-25 16:50 - 00004094 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-09-23 20:26 - 2013-09-25 16:50 - 00004056 _____ C:\Windows\System32\Tasks\Software Updater
2013-09-23 20:26 - 2013-09-23 20:26 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-23 20:25 - 2013-09-23 20:25 - 00000000 ____D C:\Program Files (x86)\Web Check
2013-09-23 20:22 - 2013-09-23 20:24 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\DownloadGuide
2013-09-23 20:17 - 2013-09-23 20:27 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\DriverTurbo
2013-09-23 20:17 - 2013-09-23 20:27 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-09-23 20:17 - 2013-09-23 20:17 - 00345324 _____ C:\Users\Ronny Peterson\AppData\Local\dd_vcredistMSI3DFB.txt
2013-09-23 20:17 - 2013-09-23 20:17 - 00012810 _____ C:\Users\Ronny Peterson\AppData\Local\dd_vcredistUI3DFB.txt
2013-09-19 18:03 - 2013-09-20 04:38 - 98443620 _____ C:\Windows\SysWOW64\煾뻬Ñ
2013-09-17 18:07 - 2013-09-20 19:48 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Guild Wars 2
2013-09-15 14:39 - 2013-09-15 14:39 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\GW2Stuff
2013-09-15 14:37 - 2013-06-04 20:05 - 00000000 ____D C:\Users\Ronny Peterson\Desktop\Source
2013-09-15 14:37 - 2013-06-04 19:40 - 00300544 _____ C:\Users\Ronny Peterson\Desktop\GW2Stuff.exe
2013-09-14 16:43 - 2013-09-14 16:43 - 00276056 _____ C:\Windows\Minidump\Mini091413-01.dmp
2013-09-13 20:15 - 2013-09-13 20:15 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\Overwolf
2013-09-13 17:26 - 2013-09-14 15:00 - 97542592 _____ C:\Windows\SysWOW64\䍏쭢뻬É
2013-09-13 05:20 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 05:20 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 05:20 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 05:20 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 05:20 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 05:20 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-13 05:20 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 05:20 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 05:20 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-13 05:20 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 05:20 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-13 05:20 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 05:20 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 05:20 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 05:20 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 05:20 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 05:20 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 05:20 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 05:20 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 05:20 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 05:20 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-13 05:20 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 05:20 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-13 05:20 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 05:20 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 05:20 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-13 05:20 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-13 05:20 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 05:20 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 05:20 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 05:20 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-13 05:20 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 04:47 - 2013-08-08 04:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 04:47 - 2013-07-16 11:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-13 04:47 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-04 20:49 - 2013-09-18 20:52 - 00013005 _____ C:\Users\Ronny Peterson\Desktop\Klasse 1b.xlsx
2013-08-28 17:57 - 2013-08-02 16:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 17:57 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-09-25 17:20 - 2013-09-25 17:20 - 01955802 _____ (Farbar) C:\Users\Ronny Peterson\Desktop\FRST64.exe
2013-09-25 17:20 - 2013-09-25 17:20 - 00000000 ____D C:\FRST
2013-09-25 17:20 - 2012-04-28 09:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-25 16:52 - 2008-01-21 03:53 - 01491361 _____ C:\Windows\WindowsUpdate.log
2013-09-25 16:51 - 2013-09-23 20:26 - 00000000 ____D C:\Program Files\SoftwareUpdater
2013-09-25 16:50 - 2013-09-23 20:26 - 00004094 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-09-25 16:50 - 2013-09-23 20:26 - 00004056 _____ C:\Windows\System32\Tasks\Software Updater
2013-09-25 16:49 - 2013-09-25 06:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4
2013-09-25 16:48 - 2006-11-02 17:06 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-25 16:48 - 2006-11-02 17:06 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-25 16:47 - 2011-11-09 18:58 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-25 16:47 - 2011-05-11 17:16 - 00000144 _____ C:\service.log
2013-09-25 16:46 - 2011-05-11 17:31 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-25 16:46 - 2006-11-02 17:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-25 16:46 - 2006-11-02 17:21 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-25 16:46 - 2006-11-02 17:21 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-25 16:42 - 2006-11-02 17:40 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-25 15:33 - 2011-12-18 11:30 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000UA.job
2013-09-25 08:33 - 2011-12-18 11:30 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000Core.job
2013-09-24 20:33 - 2006-11-02 17:39 - 01567978 _____ C:\Windows\PFRO.log
2013-09-24 19:51 - 2011-10-02 15:08 - 00000000 ____D C:\Program Files (x86)\Visions
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-24 17:44 - 2012-04-18 16:38 - 00003754 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A34D45CD-1E54-4F67-B2A7-A424BB42D55D}
2013-09-24 17:36 - 2013-09-23 20:28 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Windows Net Data
2013-09-23 20:52 - 2012-06-30 14:10 - 00000668 _____ C:\Windows\Cmicnfg3.ini.imi
2013-09-23 20:45 - 2013-09-23 20:45 - 00000040 _____ C:\Autoconfig.ini
2013-09-23 20:45 - 2011-06-21 20:43 - 00000000 ____D C:\ProgramData\Samsung
2013-09-23 20:45 - 2011-06-21 20:43 - 00000000 ____D C:\ProgramData\Samsung
2013-09-23 20:45 - 2011-05-11 17:10 - 00000000 ____D C:\Users\Ronny Peterson
2013-09-23 20:44 - 2011-06-21 20:42 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-09-23 20:43 - 2013-09-23 20:43 - 00000000 ____D C:\Windows\twain_64
2013-09-23 20:40 - 2012-06-30 14:11 - 00000460 _____ C:\Windows\Cmicnfg3.ini.cfl
2013-09-23 20:40 - 2012-06-30 14:11 - 00000116 _____ C:\Windows\system\Dlap.pfx
2013-09-23 20:40 - 2008-12-09 15:54 - 00000589 _____ C:\Windows\system\Cmicnfg3.ini
2013-09-23 20:40 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\system
2013-09-23 20:37 - 2013-09-23 20:37 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-09-23 20:37 - 2013-09-23 20:37 - 00000000 ____D C:\cpqsystem
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\2C0A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0C0A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0C04
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0816
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0804
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0424
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041F
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041E
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041D
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041B
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0419
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0416
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0415
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0414
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0413
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0412
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0411
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0410
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040E
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040D
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040C
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040B
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0409
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0408
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0406
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0405
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0404
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0401
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2013-09-23 20:36 - 2011-05-11 17:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-23 20:36 - 2008-01-21 12:42 - 00000000 ____D C:\Windows\system32\0407
2013-09-23 20:28 - 2013-09-23 20:28 - 00004146 _____ C:\Windows\System32\Tasks\FreeDriverScout
2013-09-23 20:28 - 2013-09-23 20:28 - 00000000 ____D C:\ProgramData\FreeDriverScout
2013-09-23 20:28 - 2013-09-23 20:28 - 00000000 ____D C:\ProgramData\FreeDriverScout
2013-09-23 20:28 - 2013-09-23 20:28 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-09-23 20:28 - 2011-05-11 17:11 - 00000000 ___RD C:\Users\Ronny Peterson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-23 20:27 - 2013-09-23 20:17 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\DriverTurbo
2013-09-23 20:27 - 2013-09-23 20:17 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-09-23 20:26 - 2013-09-23 20:26 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-23 20:25 - 2013-09-23 20:25 - 00000000 ____D C:\Program Files (x86)\Web Check
2013-09-23 20:24 - 2013-09-23 20:22 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\DownloadGuide
2013-09-23 20:21 - 2011-05-14 18:25 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\UseNeXT
2013-09-23 20:17 - 2013-09-23 20:17 - 00345324 _____ C:\Users\Ronny Peterson\AppData\Local\dd_vcredistMSI3DFB.txt
2013-09-23 20:17 - 2013-09-23 20:17 - 00012810 _____ C:\Users\Ronny Peterson\AppData\Local\dd_vcredistUI3DFB.txt
2013-09-22 21:34 - 2011-05-11 19:31 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\TS3Client
2013-09-21 22:16 - 2011-05-11 18:50 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\HLSW
2013-09-21 21:33 - 2011-05-11 20:16 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-21 21:33 - 2011-05-11 19:11 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-21 21:33 - 2011-05-11 19:11 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-21 18:57 - 2011-08-04 10:31 - 00000000 ____D C:\Program Files (x86)\GUILD WARS
2013-09-20 19:48 - 2013-09-17 18:07 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Guild Wars 2
2013-09-20 19:41 - 2008-01-21 12:47 - 01445460 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-20 19:41 - 2008-01-21 12:46 - 00628668 _____ C:\Windows\system32\perfh007.dat
2013-09-20 19:41 - 2008-01-21 12:46 - 00126474 _____ C:\Windows\system32\perfc007.dat
2013-09-20 18:13 - 2012-09-06 11:14 - 00037066 _____ C:\Users\Ronny Peterson\Desktop\Berufe GW2.xlsx
2013-09-20 04:38 - 2013-09-19 18:03 - 98443620 _____ C:\Windows\SysWOW64\煾뻬Ñ
2013-09-19 19:20 - 2012-04-28 09:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 19:20 - 2012-04-28 09:33 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 19:20 - 2011-05-14 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 20:52 - 2013-09-04 20:49 - 00013005 _____ C:\Users\Ronny Peterson\Desktop\Klasse 1b.xlsx
2013-09-15 14:39 - 2013-09-15 14:39 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\GW2Stuff
2013-09-15 11:34 - 2006-11-02 17:26 - 00152981 _____ C:\Windows\setupact.log
2013-09-14 16:43 - 2013-09-14 16:43 - 00276056 _____ C:\Windows\Minidump\Mini091413-01.dmp
2013-09-14 16:43 - 2011-05-18 20:21 - 00000000 ____D C:\Windows\Minidump
2013-09-14 16:43 - 2011-05-18 20:19 - 928170318 _____ C:\Windows\MEMORY.DMP
2013-09-14 15:00 - 2013-09-13 17:26 - 97542592 _____ C:\Windows\SysWOW64\䍏쭢뻬É
2013-09-13 20:15 - 2013-09-13 20:15 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\Overwolf
2013-09-13 20:14 - 2011-05-11 19:23 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-13 17:24 - 2006-11-02 17:21 - 00306800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 05:23 - 2013-07-28 07:26 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 05:22 - 2012-07-31 17:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 05:22 - 2012-07-31 17:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 05:22 - 2006-11-02 14:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-12 17:22 - 2012-06-21 18:18 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-09-11 20:28 - 2013-04-27 20:17 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-11 19:59 - 2012-01-21 09:53 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-09-11 19:58 - 2013-02-02 17:00 - 00000000 ____D C:\Program Files (x86)\RocketDock
2013-09-11 19:51 - 2013-08-23 04:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-11 19:51 - 2013-08-23 04:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-11 19:51 - 2013-07-05 21:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-11 19:51 - 2013-07-05 21:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-11 19:45 - 2012-12-16 21:21 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\Conduit
2013-09-11 19:45 - 2011-07-16 20:16 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\DVDVideoSoft
2013-09-11 19:43 - 2013-07-05 21:18 - 00000000 ____D C:\ProgramData\Apple
2013-09-11 19:43 - 2013-07-05 21:18 - 00000000 ____D C:\ProgramData\Apple
2013-09-05 17:01 - 2013-03-27 18:25 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 17:01 - 2013-03-27 18:25 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Ronny Peterson\AppData\Local\Temp\Execute2App.exe
C:\Users\Ronny Peterson\AppData\Local\Temp\msvcp90.dll
C:\Users\Ronny Peterson\AppData\Local\Temp\msvcr90.dll
C:\Users\Ronny Peterson\AppData\Local\Temp\ose00000.exe
C:\Users\Ronny Peterson\AppData\Local\Temp\SAV2RemoveAll.exe
C:\Users\Ronny Peterson\AppData\Local\Temp\tbDVDV.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-25 16:54

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2013
Ran by Ronny Peterson at 2013-09-25 17:21:40
Running from C:\Users\Ronny Peterson\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

@BIOS (x32 Version: 2.08)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
ATI AVIVO64 Codecs (Version: 11.6.0.50930)
ATI Problem Report Wizard (Version: 3.0.795.0)
ATITool Overclocking Utility (x32 Version: 0.26)
Aureon 5.1 PCI
AutoGreen B10.0517.1 (x32 Version: 1.00.0000)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
BioShock Infinite (x32)
Browser Configuration Utility (x32 Version: 1.1.18.0)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Call of Duty: Modern Warfare 3 - Dedicated Server (x32)
Call of Duty: Modern Warfare 3 - Multiplayer (x32)
Call of Duty: Modern Warfare 3 (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diablo III (x32 Version: 1.0.8.16603)
DVB-T USB BDA Driver (x32)
Easy Tune 6 B10.0516.1 (x32 Version: 1.00.0000)
EasySaver B9.1214.1  (x32 Version: 1.00.0000)
erLT (x32 Version: 1.20.0137)
ESL Wire 1.15.3
Forsaken World  (x32)
Gigabyte Raid Configurer (x32 Version: 1.00.0001)
Google Chrome (HKCU Version: 29.0.1547.76)
GUILD WARS (x32)
Guild Wars 2 (x32)
GuildWars Visions v1.08 (x32)
HLSW v1.4.0.2 (x32)
HydraVision (x32 Version: 4.2.180.0)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 25 (64-bit) (Version: 6.0.250)
Java(TM) 7 Update 4 (64-bit) (Version: 7.0.40)
League of Legends (x32 Version: 1.3)
Logitech SetPoint 5.20 (Version: 5.20)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
maxdome - Online Videothek (Version: 1.0)
maxdome Download Manager 4.1.300.78 (x32 Version: 4.1.30078)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nero 7 Premium (x32 Version: 7.02.9755)
neroxml (x32 Version: 1.0.0)
ON_OFF Charge B10.0427.1 (x32 Version: 1.00.0001)
OutlookAddInNet3Setup (x32 Version: 1.0.0)
PDFCreator (x32 Version: 1.0.1)
Realtek Ethernet Controller Driver For Windows Vista (x32 Version: 6.236.322.2010)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0)
Saitek Cyborg Keyboard Volume 6.2.1.3 (Version: 6.2.1.3)
Samsung CLX-3170 Series (x32)
Samsung Kies (x32 Version: 2.1.1.11124_17)
Samsung Universal Print Driver 2 (x32 Version: 2.50.03.00)
Samsung Universal Scan Driver (x32 Version: 1.2.5.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Segoe UI (x32 Version: 15.4.2271.0615)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Smart Technology Programming Software 7.0.27.13 (Version: 7.0.27.13)
SmarThru 4 (x32)
SmarThru PC Fax (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.12)
TeamViewer 8 (x32 Version: 8.0.17396)
Tomb Raider (x32)
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
UseNeXT by Tangysoft (x32)
User's Guides (Version: 1.20.0000)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Web Check (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Utils (x32)
Windows-Soundschemas
WinRAR 4.01 (64-Bit) (Version: 4.01.0)

==================== Restore Points  =========================

06-09-2013 16:49:51 Windows Update
10-09-2013 16:06:29 Windows Update
11-09-2013 17:36:56 Removed Apple Application Support
11-09-2013 17:39:06 Removed Apple Mobile Device Support
11-09-2013 17:40:56 Removed Apple Software Update
11-09-2013 17:42:22 Removed Bonjour
11-09-2013 17:48:08 Removed iTunes
11-09-2013 17:56:01 Removed pdfforge Toolbar v7.6.
11-09-2013 17:59:33 Entfernt InstallShield Wiederherstellungspunkt
13-09-2013 03:13:53 Windows Update
14-09-2013 01:00:28 Windows Update
17-09-2013 15:00:58 Windows Update
23-09-2013 18:24:28 Free Driver Scout
23-09-2013 18:33:10 DriverUtilities
23-09-2013 18:35:42 Installiert Renesas Electronics USB 3.0 Host Controller Driver
23-09-2013 18:36:46 Gerätetreiber-Paketinstallation: Hewlett-Packard Company Systemgeräte
23-09-2013 18:38:19 Installiert Renesas Electronics USB 3.0 Host Controller Driver
23-09-2013 18:39:50 Gerätetreiber-Paketinstallation: Realtek Netzwerkadapter
23-09-2013 18:40:20 Gerätetreiber-Paketinstallation: C-Media Electronics Inc. Audio-, Video- und Gamecontroller
23-09-2013 18:42:25 Gerätetreiber-Paketinstallation: Samsung Bildverarbeitungsgeräte
23-09-2013 18:44:55 Gerätetreiber-Paketinstallation: Samsung Drucker
24-09-2013 15:41:03 Free Driver Scout
24-09-2013 15:43:09 Free Driver Scout
24-09-2013 20:38:11 Windows Update
25-09-2013 10:58:36 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {055A0F92-C9FA-445F-B6F2-E7BC676707A6} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
Task: {1BDB16F8-BA59-4E5B-8B0D-DEF87FAD2636} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {1C195172-244A-484D-9A7A-7F64B25E2092} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: {22FB39C3-BC66-4CEF-84EA-2EC0C580D999} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000UA => C:\Users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18] (Google Inc.)
Task: {2895AB63-E83E-4E3C-8736-518487C807D3} - System32\Tasks\User_Feed_Synchronization-{A34D45CD-1E54-4F67-B2A7-A424BB42D55D} => C:\Windows\system32\msfeedssync.exe [2012-04-18] (Microsoft Corporation)
Task: {5A07C22F-469C-443B-8375-0736C3C9557D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000Core => C:\Users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18] (Google Inc.)
Task: {7168F3E5-8F53-4066-8C8C-96A3A2837C66} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-08-16] ()
Task: {893AA01D-582D-44E9-A7A0-D1F978562DE2} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-09-23] ()
Task: {8B8827FF-32FB-4155-A82A-006970C5E8BF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {9475DD97-BB54-4FD8-A31A-032B4833F6AA} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {AA105019-BFFB-4713-B627-81B47F4419F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {C0B38178-CA76-4475-90EB-B2F41221156B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C28278BF-1ABF-4595-BB2A-15201DDF25E3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {C41E9FD5-A5DB-4DEF-9715-E4F7BAFEE730} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {DDE8ACE0-CDA6-4ED5-B177-C6880B60600B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000Core.job => C:\Users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000UA.job => C:\Users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-09-30 22:26 - 2010-09-30 22:26 - 00233472 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
2010-09-29 03:13 - 2012-12-19 21:30 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2013-04-16 18:18 - 2013-04-16 18:18 - 00099840 _____ (Saitek) C:\Program Files\SmartTechnology\Software\ManuExtensionDLLs\AppLaunchEventDll.dll
2008-01-21 04:50 - 2008-01-21 04:50 - 00382464 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00037376 _____ (AMD) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\FUEL.ImplementationNet4.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-14 18:14 - 2013-07-09 14:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-12-12 05:26 - 2012-09-28 18:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll
2011-05-15 12:41 - 2009-04-11 08:26 - 00648704 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll
2011-05-15 12:41 - 2009-04-11 08:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll
2011-05-15 12:41 - 2009-04-11 08:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll
2013-08-14 18:14 - 2013-07-10 11:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\syswow64\RPCRT4.dll
2012-07-11 22:41 - 2012-06-02 02:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\syswow64\Secur32.dll
2012-04-17 08:37 - 2011-12-14 18:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll
2012-04-17 08:34 - 2012-02-29 17:09 - 00157696 _____ (Microsoft Corporation) C:\Windows\syswow64\imagehlp.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2013-08-14 18:14 - 2013-07-08 06:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcWow64.DLL
2011-05-15 12:39 - 2009-04-11 08:28 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VERSION.dll
2012-07-11 22:41 - 2012-06-08 19:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.dll
2013-01-10 05:10 - 2012-11-22 05:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\syswow64\SHLWAPI.dll
2011-05-12 04:57 - 2010-06-28 19:00 - 01316864 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.dll
2012-04-17 08:35 - 2011-08-25 18:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\USERENV.dll
2012-04-17 08:36 - 2011-01-20 18:07 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSPOOL.DRV
2011-05-15 12:40 - 2009-04-11 08:28 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPR.dll
2011-05-15 12:41 - 2009-04-11 08:28 - 00807424 _____ (Microsoft Corporation) C:\Windows\syswow64\MSCTF.dll
2011-05-12 04:52 - 2009-04-11 08:26 - 00023552 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.DLL
2011-05-12 04:52 - 2010-04-16 18:46 - 00502272 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll
2012-06-30 14:11 - 2009-09-07 16:18 - 08151040 _____ (C-Media Corporation) C:\Windows\Syswow64\CMICNFG3.dll
2012-04-17 08:35 - 2011-10-14 18:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINMM.dll
2012-04-17 08:35 - 2011-08-25 18:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OLEACC.dll
2011-05-15 12:41 - 2009-04-11 08:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\syswow64\SETUPAPI.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00450560 _____ (Microsoft Corporation) C:\Windows\syswow64\comdlg32.dll
2008-01-21 04:50 - 2008-01-21 04:50 - 00234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 18:14 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINTRUST.dll
2013-08-14 18:14 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CRYPT32.dll
2011-05-12 04:53 - 2009-09-04 13:41 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSASN1.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00444416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsound.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POWRPROF.dll
2008-01-21 04:48 - 2008-01-21 04:48 - 00523776 _____ (Microsoft Corporation) C:\Windows\syswow64\CLBCatQ.DLL
2011-05-15 12:40 - 2009-04-11 08:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOSES.DLL
2011-05-15 12:40 - 2009-04-11 08:28 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audioeng.dll
2006-11-02 14:13 - 2006-11-02 11:46 - 00012288 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.DLL
2008-01-21 04:49 - 2008-01-21 04:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AVRT.dll
2010-09-30 22:26 - 2010-09-30 22:26 - 00208896 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00179200 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\syswow64\NSI.dll
2007-07-02 15:02 - 2007-07-02 15:02 - 03073320 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\AdvrCntr2.dll
2013-09-13 05:20 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\syswow64\WININET.dll
2006-11-02 14:17 - 2006-11-02 10:33 - 00002560 _____ (Microsoft Corporation) C:\Windows\syswow64\Normaliz.dll
2013-09-13 05:20 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\syswow64\iertutil.dll
2013-09-13 05:20 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\syswow64\urlmon.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00059176 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingServicePS.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00020776 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll
2007-06-27 19:03 - 2007-06-27 19:03 - 02749736 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMDataServices.dll
2006-11-02 14:13 - 2006-11-02 11:46 - 00012288 _____ (Microsoft Corporation) C:\Windows\syswow64\psapi.dll
2011-05-15 12:41 - 2009-04-11 08:28 - 00287744 _____ (Microsoft Corporation) C:\Windows\syswow64\WLDAP32.dll
2013-03-12 18:10 - 2013-08-22 00:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00450560 _____ (Microsoft Corporation) C:\Windows\syswow64\COMDLG32.dll
2011-11-09 19:04 - 2013-09-21 20:35 - 01121192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2011-11-09 19:04 - 2013-09-11 00:20 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-03-16 11:52 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-03-16 11:52 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-03-16 11:52 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2008-01-21 04:50 - 2008-01-21 04:50 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWow64\ACTXPRXY.DLL
2008-01-21 04:46 - 2008-01-21 04:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput8.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2012-12-12 05:26 - 2012-09-28 18:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNEL32.dll
2011-12-23 21:59 - 2011-12-23 21:59 - 00307200 _____ ( MarkAny.) C:\Program Files (x86)\Samsung\Kies\External\MACSSDK.dll
2012-07-11 22:41 - 2012-06-02 02:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 00167312 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentDialogs.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 00053128 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentModels.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 00120712 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\GlobalUtil.dll
2011-12-23 21:59 - 2013-07-23 02:45 - 01048976 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 01618312 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentModule.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 00106496 _____ (TODO: <Company name>) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\BaseUI.dll
2013-01-29 19:32 - 2013-07-23 02:45 - 03341208 _____ (Codejock Software) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ToolkitPro1331vc90U.dll
2010-09-30 22:26 - 2010-09-30 22:26 - 00094208 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDeu.dll
2011-05-15 12:41 - 2009-04-11 08:26 - 00648704 _____ (Microsoft Corporation) C:\Windows\syswow64\user32.dll
2012-04-17 08:35 - 2011-08-25 18:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\syswow64\oleaut32.dll
2012-07-11 22:41 - 2012-06-08 19:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\syswow64\shell32.dll
2013-09-13 05:20 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00179200 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.DLL
2009-06-27 10:11 - 2009-06-27 10:11 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
2009-10-15 14:06 - 2009-10-15 14:06 - 00170216 _____ (DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ZyngaGames.dll
2011-07-13 20:58 - 2008-06-26 04:45 - 00155648 _____ () C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
2011-07-13 20:58 - 2008-06-26 04:46 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3170\ssole.dll
2011-07-13 20:58 - 2008-06-26 04:46 - 00081920 _____ (Samsung Electronics) C:\Windows\twain_32\Samsung\CLX3170\scantopc.dll
2011-07-13 20:58 - 2008-06-26 04:45 - 00367104 _____ () C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll
2011-12-28 00:19 - 2013-07-26 14:41 - 00250368 _____ (Windows (R) Codename Longhorn DDK provider) C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
2011-09-16 14:39 - 2011-09-16 14:39 - 00098664 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00320808 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMSQLDB.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00070952 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMLogCxx.dll
2007-06-27 19:02 - 2007-06-27 19:02 - 00742696 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\log4cxx.dll
2007-06-27 19:03 - 2007-06-27 19:03 - 00541992 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMCoFoundation.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00107816 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMPluginBase.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00181544 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMFullTextExtraction.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00181544 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll
2007-06-28 19:16 - 2007-06-28 19:16 - 03376424 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NeroIPP.dll
2013-09-25 06:35 - 2013-09-25 06:35 - 03360152 _____ () C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\mozjs.dll
2011-05-15 12:40 - 2009-04-11 08:26 - 00116224 _____ (Microsoft Corporation) C:\Windows\syswow64\IMM32.dll
2013-09-10 19:20 - 2013-09-10 19:20 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\[verify-U] => ""="Service"

==================== Faulty Device Manager Devices =============

Name: ATITool Driver
Description: ATITool Driver
Class Guid: {85b5ddd0-e090-4b15-bdf2-a443a3ca0b66}
Manufacturer: W1zzard
Service: ATITool
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2013 04:49:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (09/25/2013 04:49:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (09/25/2013 04:47:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2013 04:46:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (09/25/2013 04:46:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (09/25/2013 04:46:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (09/25/2013 07:43:58 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{d6a611c3-7bed-11e0-9558-806e6f6e6963} - 0000000000000394,0x0053c06c,000000000080C2C0,0,000000000080B2B0,4096,[0])". hr = 0x8007045d.


Vorgang:
   Ein Vergleichsbereichvolume wird automatisch ausgewählt
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (09/25/2013 07:40:36 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{d6a611c3-7bed-11e0-9558-806e6f6e6963} - 00000000000003D4,0x0053c06c,000000000080C2C0,0,000000000080B2B0,4096,[0])". hr = 0x8007045d.


Vorgang:
   Ein Vergleichsbereichvolume wird automatisch ausgewählt
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (09/25/2013 07:36:25 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{d6a611c3-7bed-11e0-9558-806e6f6e6963} - 00000000000003BC,0x0053c06c,000000000080C2C0,0,000000000080B2B0,4096,[0])". hr = 0x8007045d.


Vorgang:
   Ein Vergleichsbereichvolume wird automatisch ausgewählt
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (09/25/2013 07:32:16 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{d6a611c3-7bed-11e0-9558-806e6f6e6963} - 00000000000001EC,0x0053c06c,000000000080C2C0,0,000000000080B2B0,4096,[0])". hr = 0x8007045d.


Vorgang:
   Ein Vergleichsbereichvolume wird automatisch ausgewählt
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider


System errors:
=============
Error: (09/25/2013 04:47:54 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20

Error: (09/25/2013 04:47:36 PM) (Source: Service Control Manager) (User: )
Description: [verify-U]_System

Error: (09/25/2013 04:47:31 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20

Error: (09/25/2013 04:47:31 PM) (Source: Service Control Manager) (User: )
Description: AODDriver4.2%%2

Error: (09/25/2013 01:13:17 PM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (09/25/2013 01:11:42 PM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (09/25/2013 01:10:02 PM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (09/25/2013 01:07:57 PM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (09/25/2013 01:05:54 PM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (09/25/2013 01:03:09 PM) (Source: disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (09/25/2013 04:49:27 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifestC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

Error: (09/25/2013 04:49:27 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifestC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

Error: (09/25/2013 04:47:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2013 04:46:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifestC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

Error: (09/25/2013 04:46:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifestC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

Error: (09/25/2013 04:46:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifestC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

Error: (09/25/2013 07:43:58 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{d6a611c3-7bed-11e0-9558-806e6f6e6963} - 0000000000000394,0x0053c06c,000000000080C2C0,0,000000000080B2B0,4096,[0])0x8007045d

Vorgang:
   Ein Vergleichsbereichvolume wird automatisch ausgewählt
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (09/25/2013 07:40:36 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{d6a611c3-7bed-11e0-9558-806e6f6e6963} - 00000000000003D4,0x0053c06c,000000000080C2C0,0,000000000080B2B0,4096,[0])0x8007045d

Vorgang:
   Ein Vergleichsbereichvolume wird automatisch ausgewählt
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (09/25/2013 07:36:25 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{d6a611c3-7bed-11e0-9558-806e6f6e6963} - 00000000000003BC,0x0053c06c,000000000080C2C0,0,000000000080B2B0,4096,[0])0x8007045d

Vorgang:
   Ein Vergleichsbereichvolume wird automatisch ausgewählt
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (09/25/2013 07:32:16 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{d6a611c3-7bed-11e0-9558-806e6f6e6963} - 00000000000001EC,0x0053c06c,000000000080C2C0,0,000000000080B2B0,4096,[0])0x8007045d

Vorgang:
   Ein Vergleichsbereichvolume wird automatisch ausgewählt
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider


CodeIntegrity Errors:
===================================
  Date: 2013-09-25 16:46:07.694
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-25 16:46:07.541
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-25 16:45:50.274
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-25 16:45:50.102
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-24 21:36:09.244
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-24 21:36:09.079
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-24 21:36:08.917
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-24 21:36:08.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-24 21:36:08.587
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-24 21:36:08.430
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 12284.63 MB
Available physical RAM: 9257.68 MB
Total Pagefile: 24501.78 MB
Available Pagefile: 21267.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.25 GB) (Free:28.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:458.59 GB) (Free:416.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 36127A51)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=231 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 25.09.2013, 19:22   #5
M-K-D-B
/// TB trainer
 



Hi,






Step 1
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.






Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 3

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.






Please post with your next reply
  • the ComboFix log file,
  • the AdwCleaner log file,
  • the JRT log file.

__________________
Greetings from Bavaria
M-K-D-B


Alt 26.09.2013, 04:53   #6
RonnyP
 



Good morning,

first of all, here is the Combofix log. Unfortunately I can't send you the AdwCleaner log; it always hangs after a short time. I even let it run through the night. I haven't run JRT yet, because I don't know whether these things build on one another. I'll restart the PC this afternoon and then try again.

Code:
ComboFix 13-09-24.02 - Ronny Peterson 25.09.2013  19:39:18.1.6 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.12285.9608 [GMT 2:00]
ausgeführt von:: c:\users\Ronny Peterson\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Web Check\WeBCheck.dll
c:\users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-25 bis 2013-09-25  ))))))))))))))))))))))))))))))
.
.
2013-09-25 15:20 . 2013-09-25 15:20	--------	d-----w-	C:\FRST
2013-09-25 04:35 . 2013-09-25 14:49	--------	d-----w-	c:\program files (x86)\Mozilla Firefox 4.0 Beta 4
2013-09-24 20:40 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A0DE22F-B760-4DEB-BE7A-749AF8F7B37F}\mpengine.dll
2013-09-24 15:51 . 2013-09-24 15:51	--------	d-----w-	c:\users\Ronny Peterson\AppData\Roaming\Malwarebytes
2013-09-24 15:51 . 2013-09-24 15:51	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-24 15:51 . 2013-09-24 15:51	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-24 15:51 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-23 18:45 . 2013-02-05 02:28	41984	----a-w-	c:\windows\system32\Spool\prtprocs\x64\spe__pc.dll
2013-09-23 18:44 . 2013-06-01 05:13	1571160	------w-	c:\windows\TotalUninstaller.exe
2013-09-23 18:44 . 2013-05-10 09:48	162136	----a-w-	c:\windows\system32\spe__ci.exe
2013-09-23 18:44 . 2011-04-11 05:26	34304	----a-w-	c:\windows\system32\spe__l.dll
2013-09-23 18:44 . 2010-10-20 08:46	89600	----a-w-	c:\windows\system32\spe__ci.dll
2013-09-23 18:43 . 2010-10-06 09:04	142128	----a-w-	c:\windows\wiainst64.exe
2013-09-23 18:43 . 2013-09-23 18:43	--------	d-----w-	c:\windows\twain_64
2013-09-23 18:42 . 2010-05-20 12:08	280064	----a-w-	c:\windows\system32\snWIAMUI.dll
2013-09-23 18:42 . 2010-01-19 10:58	160272	----a-w-	c:\windows\system32\TWAINDSM.dll
2013-09-23 18:42 . 2010-01-19 10:57	143896	----a-w-	c:\windows\SysWow64\TWAINDSM.dll
2013-09-23 18:41 . 2010-10-21 11:46	207872	----a-w-	c:\windows\system32\SNWIAUI.dll
2013-09-23 18:41 . 2010-10-21 08:22	709632	----a-w-	c:\windows\system32\SnMinDrv.dll
2013-09-23 18:41 . 2010-10-21 08:22	163840	----a-w-	c:\windows\system32\SnImgFlt.dll
2013-09-23 18:41 . 2010-10-21 08:22	103424	----a-w-	c:\windows\system32\SnErHdlr.dll
2013-09-23 18:37 . 2013-09-23 18:37	--------	d-----w-	c:\program files\Hewlett-Packard
2013-09-23 18:37 . 2013-09-23 18:37	--------	d-----w-	C:\cpqsystem
2013-09-23 18:28 . 2013-09-23 18:28	--------	d-----w-	c:\programdata\FreeDriverScout
2013-09-23 18:28 . 2013-09-23 18:28	--------	d-----w-	c:\program files (x86)\SoftwareUpdater
2013-09-23 18:28 . 2013-09-24 15:36	--------	d-----w-	c:\users\Ronny Peterson\AppData\Roaming\Windows Net Data
2013-09-23 18:26 . 2013-09-25 14:51	--------	d-----w-	c:\program files\SoftwareUpdater
2013-09-23 18:26 . 2013-09-23 18:26	--------	d-----w-	c:\program files\Covus Freemium
2013-09-23 18:25 . 2013-09-25 17:47	--------	d-----w-	c:\program files (x86)\Web Check
2013-09-23 18:22 . 2013-09-23 18:24	--------	d-----w-	c:\users\Ronny Peterson\AppData\Local\DownloadGuide
2013-09-23 18:17 . 2013-09-23 18:27	--------	d-----w-	c:\program files (x86)\DriverTurbo
2013-09-23 18:17 . 2013-09-23 18:27	--------	d-----w-	c:\users\Ronny Peterson\AppData\Roaming\DriverTurbo
2013-09-17 16:07 . 2013-09-20 17:48	--------	d-----w-	c:\users\Ronny Peterson\AppData\Roaming\Guild Wars 2
2013-09-15 12:39 . 2013-09-15 12:39	--------	d-----w-	c:\users\Ronny Peterson\AppData\Local\GW2Stuff
2013-09-13 18:15 . 2013-09-13 18:15	--------	d-----w-	c:\users\Ronny Peterson\AppData\Local\Overwolf
2013-09-13 02:47 . 2013-08-08 02:03	2775552	----a-w-	c:\windows\system32\win32k.sys
2013-09-13 02:47 . 2013-07-16 09:25	689152	----a-w-	c:\windows\system32\themeui.dll
2013-09-13 02:47 . 2013-07-16 04:35	615936	----a-w-	c:\windows\SysWow64\themeui.dll
2013-08-28 15:57 . 2013-08-02 14:06	1706496	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-28 15:57 . 2013-08-02 04:09	1548288	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-25 14:46 . 2011-05-11 15:31	25640	----a-w-	c:\windows\gdrv.sys
2013-09-21 19:33 . 2011-05-11 18:16	281768	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-09-21 19:33 . 2011-05-11 17:11	281768	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-09-21 19:33 . 2011-05-11 17:11	281768	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-09-19 17:20 . 2012-04-28 07:33	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 17:20 . 2011-05-14 17:02	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 03:22 . 2006-11-02 12:35	79143768	----a-w-	c:\windows\system32\mrt.exe
2013-09-05 15:01 . 2013-03-27 16:25	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-05 15:01 . 2013-03-27 16:25	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-07 02:22 . 2011-05-12 02:32	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-07-17 20:01 . 2013-08-14 16:13	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-17 19:41 . 2013-08-14 16:13	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-07-10 09:47 . 2013-08-14 16:14	677888	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-07-10 09:42 . 2013-08-14 16:14	1303552	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 12:04 . 2013-08-14 16:14	1168088	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-07-09 12:04 . 2013-08-14 16:14	1585256	----a-w-	c:\windows\system32\ntdll.dll
2013-07-08 04:51 . 2013-08-14 16:14	4691904	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-14 16:14	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-07-08 04:20 . 2013-08-14 16:14	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-08 04:18 . 2013-08-14 16:14	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-07-08 04:16 . 2013-08-14 16:14	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-07-08 04:16 . 2013-08-14 16:14	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-07-08 04:16 . 2013-08-14 16:14	992768	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-08 04:16 . 2013-08-14 16:14	43008	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-08 04:15 . 2013-08-14 16:14	234496	----a-w-	c:\windows\system32\wow64.dll
2013-07-08 04:15 . 2013-08-14 16:14	218624	----a-w-	c:\windows\system32\wintrust.dll
2013-07-08 04:14 . 2013-08-14 16:14	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2013-07-08 04:12 . 2013-08-14 16:14	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-08 04:12 . 2013-08-14 16:14	132096	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-08 04:12 . 2013-08-14 16:14	1276416	----a-w-	c:\windows\system32\crypt32.dll
2013-07-08 01:39 . 2013-08-14 16:14	26112	----a-w-	c:\windows\SysWow64\setup16.exe
2013-07-08 01:39 . 2013-08-14 16:14	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-07-08 01:39 . 2013-08-14 16:14	2560	----a-w-	c:\windows\SysWow64\user.exe
2013-07-05 04:45 . 2013-08-14 16:14	1423808	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-28 12:21 . 2011-08-25 08:10	168864	----a-w-	c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-09-21 1814440]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-07-26 844656]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-07-26 1564016]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"3170 Scan2PC"="c:\windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [2009-01-30 503808]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-07-26 311152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-05 347192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
.
c:\users\Ronny Peterson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
net.lnk - c:\users\Ronny Peterson\AppData\Roaming\Windows Net Data\net.exe [2013-9-23 709120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
maxdome Download Manager.lnk - c:\program files (x86)\maxdome\DCBin\DCTrayApp.exe /accountId:Prosieben [2009-5-1 88808]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 17:20]
.
2013-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000Core.job
- c:\users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 09:30]
.
2013-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000UA.job
- c:\users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 09:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-09-07 8151040]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6PQXp1nRZk&i=26
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB DE Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN47969287493718105&UM=&q=
FF - ExtSQL: 2013-08-12 19:48; {52b0f3db-f988-4788-b9dc-861d016f4487}; c:\program files (x86)\Web Check\WebCheck.xpi
FF - ExtSQL: 2013-08-30 20:06; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF - ExtSQL: 2013-09-23 20:28; EFGLQA@78ETGYN-0W7FN789T87.COM; c:\users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
BHO-{E155F23C-9931-47c6-A619-20E6FCA86D75} - c:\program files (x86)\Web Check\WebCheck.dll
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Wow6432Node-HKCU-Run-KiesTrayAgent - c:\program files (x86)\Samsung\KiesKiesTrayAgent.exe
Wow6432Node-HKCU-Run-DriverTurbo - c:\program files (x86)\DriverTurbo\DriverTurbo.exe
Wow6432Node-HKLM-Run-TQ566808 - E:\Setup.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Prosieben]
"ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
"ImagePath"="system32\drivers\
[verify-U]-driver.sys"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[verify-U]_System]
"ImagePath"="system32\drivers\
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-09-25  19:49:38
ComboFix-quarantined-files.txt  2013-09-25 17:49
.
Vor Suchlauf: 14 Verzeichnis(se), 30.026.199.040 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 35.230.965.760 Bytes frei
.
- - End Of File - - 49A89255A6C8EBC87D66AE07DB296EF8
5C616939100B85E558DA92B899A0FC36
         

26.09.2013, 17:33   #7
M-K-D-B
/// TB-Ausbilder
 

Hi,

then please run JRT first and AdwCleaner afterwards.
__________________
Greetings from Bavaria
M-K-D-B


26.09.2013, 17:43   #8
RonnyP
 

OK, ADWCleaner has now run through cleanly, and after the restart IE was no longer opened either. Here are the last 2 logs.

ADWCleaner
Code:
# AdwCleaner v3.005 - Bericht erstellt am 26/09/2013 um 17:14:57
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Benutzername : Ronny Peterson - RONNYPETERSO-PC
# Gestartet von : C:\Users\Ronny Peterson\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BCUService

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\Babylon
[!] Ordner Gelöscht : C:\Program Files (x86)\Conduit
[!] Ordner Gelöscht : C:\Program Files (x86)\DeviceVM
[!] Ordner Gelöscht : C:\Program Files (x86)\Perion
[!] Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
[!] Ordner Gelöscht : C:\Program Files\SoftwareUpdater
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Local\Babylon
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Local\Conduit
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Local\cre
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Local\DownloadGuide
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\LocalLow\Conduit
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Roaming\dvdvideosoftiehelpers
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Roaming\Windows Net Data
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
[!] Ordner Gelöscht : C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Ronny Peterson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\searchplugins\dvdvideosofttb-de-customized-web-search.xml
Datei Gelöscht : C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Windows\System32\Tasks\FreeDriverScout
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DeviceVM
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\IB Updater

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16506

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\prefs.js ]

Zeile gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Zeile gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364302987179");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1364302986882");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364302986933");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.15.0.562_lastUpdate", "1364302987191");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364302986966");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1364302986996");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364302986904");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1364302987017");
Zeile gelöscht : user_pref("CT2625848.showToolbarPermission", "false");
Zeile gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "26-3-2013");
Zeile gelöscht : user_pref("CT2625848.toolbarLoginClientTime", "Tue Mar 26 2013 14:03:07 GMT+0100");
Zeile gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364302865897,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB DE Customized Web Search");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "DVDVideoSoftTB DE Customized Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "DVDVideoSoftTB DE Customized Web Search");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.backgroundjs", "\n\n/*****************************************************************************[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.js", "\n\n  /************************************************************************************\[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_13.name", "CrossriderAppUtils");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_14.name", "CrossriderUtils");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_78.name", "CrossriderInfo");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1414c1452187d29019a2aa0af69db4b5");
Zeile gelöscht : user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.incredibar.admin", false);
Zeile gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.incredibar.cntry", "DE");
Zeile gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Zeile gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Zeile gelöscht : user_pref("extensions.incredibar.did", "10643");
Zeile gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Zeile gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar.hdrMd5", "36165365ACCCB21D2683E0F3D970D63C");
Zeile gelöscht : user_pref("extensions.incredibar.hmpg", false);
Zeile gelöscht : user_pref("extensions.incredibar.id", "ce351a6000000000000000ff01000001");
Zeile gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Zeile gelöscht : user_pref("extensions.incredibar.instlDay", "15735");
Zeile gelöscht : user_pref("extensions.incredibar.instlRef", "");
Zeile gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1420:49:24");
Zeile gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Zeile gelöscht : user_pref("extensions.incredibar.newTab", false);
Zeile gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar.ppd", "1");
Zeile gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Zeile gelöscht : user_pref("extensions.incredibar.productid", "26");
Zeile gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Zeile gelöscht : user_pref("extensions.incredibar.sg", "none");
Zeile gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQXp1nRZk&loc=IB_TB&i=26&search=");
Zeile gelöscht : user_pref("extensions.incredibar.upn2", "6PQXp1nRZk");
Zeile gelöscht : user_pref("extensions.incredibar.upn2n", "92544362759619494");
Zeile gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1420:49:24");
Zeile gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.did", "10643");
Zeile gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.id", "ce351a6000000000000000ff01000001");
Zeile gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlDay", "15735");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.ppd", "1");
Zeile gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQXp1nRZk&loc=IB_TB&i=26&search=");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2", "6PQXp1nRZk");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2n", "92544362759619494");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:49:24");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN47969287493718105&UM=&q=");
Zeile gelöscht : user_pref("smartBar.searchInNewTabOwner", "CT2625848");
Zeile gelöscht : user_pref("smartbar.machineId", "WFNZUU+NKDO8/0OCJUZJJSZZMQVLRQPSMQI+J3DFVZODJ61QY2A7JHKMTNWH/RDVCHMN5QUUBUGWW0SJGQ1D7A");

*************************

AdwCleaner[R0].txt - [405 octets] - [25/09/2013 19:56:11]
AdwCleaner[R1].txt - [405 octets] - [25/09/2013 20:14:55]
AdwCleaner[R2].txt - [405 octets] - [26/09/2013 04:42:01]
AdwCleaner[R3].txt - [20271 octets] - [26/09/2013 17:11:22]
AdwCleaner[S0].txt - [19397 octets] - [26/09/2013 17:14:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19458 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows (TM) Vista Ultimate x64
Ran by Ronny Peterson on 26.09.2013 at 17:31:29,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-82046455-3787525402-3533716263-1000\Software\IB Updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-82046455-3787525402-3533716263-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322902230}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322902230}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECA8654-1F0A-4E7E-8900-473F20FADF5E}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{01BA020D-6A6C-4D8D-A778-7058CDC0A46E}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{0634B257-7981-41BB-A036-7F7BAEB27D22}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{2091D430-BED6-489C-A2D3-34E7F28D8BC0}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{3C2933A6-2905-4369-8F49-0C1E1EAB7F0A}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{45B33E75-7D30-4B4B-AB62-3C8D0F1B0493}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{4AD0BE17-A7B4-485C-92BF-059EB5A4659B}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{582723DC-E05E-4D95-9C23-14986BFA1048}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{6CC5CFEB-F249-41DC-8247-C5D2A1897336}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{918D53F5-1646-4F83-A716-C6B0232D6560}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{93562E82-8AE2-4014-B310-ACE1BF0F4D29}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{AA27372B-D40F-4096-8F2B-53D1CD6D1126}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{AAC6347A-8D51-4E79-8192-DF550456CBB6}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{AD6B9EB5-1C34-44DC-8989-D30C28605CB8}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{AF45CC07-A788-49E4-8424-BE468AB6A48A}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{B1788FB8-469B-4EFD-8583-E251335C27FE}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{B3B085A1-2BDD-4766-BEB6-1A0EFA883C81}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{BB0939F6-1DE1-485F-89E7-6ADDF06DE68D}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{BF268F7A-EC51-40EB-9FAF-7348592CABBD}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{C857A3A4-F1AB-486A-92F8-12D930F70955}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{DE668F7C-4C34-4D0B-91DC-DB9B6574ADCC}
Successfully deleted: [Empty Folder] C:\Users\Ronny Peterson\appdata\local\{ED6EBD84-B8EE-47E2-896F-BD8744180BE3}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.09.2013 at 17:35:51,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Quote:
Quote from M-K-D-B
Hi,

then please run JRT first and AdwCleaner afterwards.

I saw your reply too late. Came home, PC on, ADWCleaner and then JRT.

26.09.2013, 17:50   #9
M-K-D-B
/// TB-Ausbilder
 

Hi,

looks good.
We will track down the last remnants so that we can remove them later:





Step 1
Control scan with FRST
Run a scan with FRST as described before.
For this, tick the box next to Addition.txt at the bottom right and click Scan.
Two log files will be created again. Post them for me.





Step 2
Download the matching version of SystemLook from the following mirror and save the tool to the desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :filefind
    *crossrider*
    *Babylon*
    *Conduit*
    *SoftwareUpdater*
    *incredibar*
    
    :folderfind
    *crossrider*
    *Babylon*
    *Conduit*
    *SoftwareUpdater*
    *incredibar*
    
    :regfind
    crossrider
    Babylon
    Conduit
    SoftwareUpdater
    incredibar
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.








Are there still problems with malware? If so, which ones?
How is the computer running at the moment?






With your next reply, please post
  • the two log files from FRST,
  • the log file from SystemLook,
  • the answers to the questions asked.
__________________
Greetings from Bavaria
M-K-D-B


26.09.2013, 18:13   #10
RonnyP
 

Right,

FRST Log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2013
Ran by Ronny Peterson (administrator) on RONNYPETERSO-PC on 26-09-2013 17:57:38
Running from C:\Users\Ronny Peterson\Desktop
Windows Vista (TM) Ultimate Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Devguru Co., Ltd.) C:\Windows\system32\dgdersvc.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
() C:\Program Files\EslWire\service\WireHelperSvc.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-09-30] (AMD)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-02-27] ()
HKLM-x32\...\Run: [3170 Scan2PC] - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe [503808 2009-01-30] ()
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\Mcx2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx2\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {33BFCA99-B28F-4F7A-89A9-D1B64237B8FE} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
SearchScopes: HKCU - {50B6F626-ADC1-4a7c-867E-3C13E2F55EE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
SearchScopes: HKCU - {AC174D10-1FA5-4815-8670-2400D0EFD32B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Web Check - {E155F23C-9931-47c6-A619-20E6FCA86D75} - C:\Program Files (x86)\Web Check\WebCheck.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ronny Peterson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ronny Peterson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
FF Extension: pricealarm - C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: Address Bar Search - C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{52b0f3db-f988-4788-b9dc-861d016f4487}] - C:\Program Files (x86)\Web Check\WebCheck.xpi
FF Extension: No Name - C:\Program Files (x86)\Web Check\WebCheck.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\firefox.exe

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Web Check) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dacechnliklhcacondhhkkfobapdopee\0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Plus-HD-3.8) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0
CHR Extension: (Gmail) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dacechnliklhcacondhhkkfobapdopee] - C:\Program Files (x86)\Web Check\WebCheck.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 dgdersvc; C:\Windows\system32\dgdersvc.exe [119632 2010-09-06] (Devguru Co., Ltd.)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [678416 2012-12-17] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-28] ()
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [472448 2008-04-29] (AfaTech                  )
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc)
R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-08-03] (Turtle Entertainment GmbH)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [160784 2012-12-17] (<Turtle Entertainment>)
S3 etdrv; C:\Windows\etdrv.sys [25640 2011-06-26] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2011-06-26] (Windows (R) Server 2003 DDK provider)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-26] (Windows (R) Server 2003 DDK provider)
R3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-26] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-07-01] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-07-01] ()
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-02-18] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 LGBusEnum; system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid; system32\drivers\LGVirHid.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 [verify-U]_System; system32\drivers\[verify-U]-driver.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-26 17:57 - 2013-09-26 17:57 - 01956432 _____ (Farbar) C:\Users\Ronny Peterson\Desktop\FRST64.exe
2013-09-26 17:35 - 2013-09-26 17:35 - 00004542 _____ C:\Users\Ronny Peterson\Desktop\JRT.txt
2013-09-26 17:31 - 2013-09-26 17:31 - 00019555 _____ C:\Users\Ronny Peterson\Desktop\AdwCleaner[S0].txt
2013-09-26 17:31 - 2013-09-26 17:31 - 00000000 ____D C:\Windows\ERUNT
2013-09-26 05:04 - 2013-09-26 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4
2013-09-25 19:55 - 2013-09-25 19:55 - 01030038 _____ (Thisisu) C:\Users\Ronny Peterson\Desktop\JRT.exe
2013-09-25 19:53 - 2013-09-26 17:15 - 00000000 ____D C:\AdwCleaner
2013-09-25 19:53 - 2013-09-25 19:53 - 01042066 _____ C:\Users\Ronny Peterson\Desktop\adwcleaner.exe
2013-09-25 19:49 - 2013-09-25 19:49 - 00023670 _____ C:\ComboFix.txt
2013-09-25 19:37 - 2013-09-25 19:49 - 00000000 ____D C:\Qoobox
2013-09-25 19:37 - 2013-09-25 19:48 - 00000000 ____D C:\Windows\erdnt
2013-09-25 19:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-25 19:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-25 19:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-25 19:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-25 19:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-25 19:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-25 19:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-25 19:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-25 19:35 - 2013-09-25 19:35 - 05130004 ____R (Swearware) C:\Users\Ronny Peterson\Desktop\ComboFix.exe
2013-09-25 17:21 - 2013-09-25 17:23 - 00046245 _____ C:\Users\Ronny Peterson\Desktop\Addition.txt
2013-09-25 17:20 - 2013-09-25 17:20 - 00000000 ____D C:\FRST
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-24 17:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-23 20:45 - 2013-09-23 20:45 - 00000040 _____ C:\Autoconfig.ini
2013-09-23 20:44 - 2013-06-01 07:13 - 01571160 ____N C:\Windows\TotalUninstaller.exe
2013-09-23 20:44 - 2013-05-10 11:48 - 00162136 _____ C:\Windows\system32\spe__ci.exe
2013-09-23 20:44 - 2012-11-17 10:28 - 00000357 _____ C:\Windows\system32\spe__l.smt
2013-09-23 20:44 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\system32\spe__l.dll
2013-09-23 20:44 - 2010-10-20 10:46 - 00089600 _____ (SS) C:\Windows\system32\spe__ci.dll
2013-09-23 20:43 - 2013-09-23 20:43 - 00000000 ____D C:\Windows\twain_64
2013-09-23 20:43 - 2010-10-06 11:04 - 00142128 _____ C:\Windows\wiainst64.exe
2013-09-23 20:42 - 2010-05-20 14:08 - 00280064 _____ (Samsung Electronics) C:\Windows\system32\snWIAMUI.dll
2013-09-23 20:42 - 2010-04-20 17:20 - 00084592 _____ C:\Windows\system32\WIAEXSTR.loc
2013-09-23 20:42 - 2010-01-19 12:58 - 00160272 _____ (TWAIN Working Group) C:\Windows\system32\TWAINDSM.dll
2013-09-23 20:42 - 2010-01-19 12:57 - 00143896 _____ (TWAIN Working Group) C:\Windows\SysWOW64\TWAINDSM.dll
2013-09-23 20:41 - 2010-10-21 13:46 - 00207872 _____ C:\Windows\system32\SNWIAUI.dll
2013-09-23 20:41 - 2010-10-21 10:22 - 00709632 _____ C:\Windows\system32\SnMinDrv.dll
2013-09-23 20:41 - 2010-10-21 10:22 - 00163840 _____ C:\Windows\system32\SnImgFlt.dll
2013-09-23 20:41 - 2010-10-21 10:22 - 00103424 _____ C:\Windows\system32\SnErHdlr.dll
2013-09-23 20:37 - 2013-09-23 20:37 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-09-23 20:37 - 2013-09-23 20:37 - 00000000 ____D C:\cpqsystem
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\2C0A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0C0A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0C04
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0816
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0804
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0424
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041F
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041E
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041D
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041B
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0419
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0416
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0415
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0414
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0413
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0412
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0411
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0410
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040E
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040D
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040C
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040B
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0409
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0408
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0406
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0405
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0404
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0401
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2013-09-23 20:28 - 2013-09-23 20:28 - 00000000 ____D C:\ProgramData\FreeDriverScout
2013-09-23 20:26 - 2013-09-23 20:26 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-23 20:25 - 2013-09-25 19:47 - 00000000 ____D C:\Program Files (x86)\Web Check
2013-09-23 20:17 - 2013-09-23 20:27 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\DriverTurbo
2013-09-23 20:17 - 2013-09-23 20:27 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-09-23 20:17 - 2013-09-23 20:17 - 00345324 _____ C:\Users\Ronny Peterson\AppData\Local\dd_vcredistMSI3DFB.txt
2013-09-23 20:17 - 2013-09-23 20:17 - 00012810 _____ C:\Users\Ronny Peterson\AppData\Local\dd_vcredistUI3DFB.txt
2013-09-19 18:03 - 2013-09-20 04:38 - 98443620 _____ C:\Windows\SysWOW64\煾뻬Ñ
2013-09-17 18:07 - 2013-09-20 19:48 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Guild Wars 2
2013-09-15 14:39 - 2013-09-15 14:39 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\GW2Stuff
2013-09-15 14:37 - 2013-06-04 20:05 - 00000000 ____D C:\Users\Ronny Peterson\Desktop\Source
2013-09-15 14:37 - 2013-06-04 19:40 - 00300544 _____ C:\Users\Ronny Peterson\Desktop\GW2Stuff.exe
2013-09-14 16:43 - 2013-09-14 16:43 - 00276056 _____ C:\Windows\Minidump\Mini091413-01.dmp
2013-09-13 20:15 - 2013-09-13 20:15 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\Overwolf
2013-09-13 17:26 - 2013-09-14 15:00 - 97542592 _____ C:\Windows\SysWOW64\䍏쭢뻬É
2013-09-13 05:20 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 05:20 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 05:20 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 05:20 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 05:20 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 05:20 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-13 05:20 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 05:20 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 05:20 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-13 05:20 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 05:20 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-13 05:20 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 05:20 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 05:20 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 05:20 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 05:20 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 05:20 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 05:20 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 05:20 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 05:20 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 05:20 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-13 05:20 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 05:20 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-13 05:20 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 05:20 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 05:20 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-13 05:20 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-13 05:20 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 05:20 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 05:20 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 05:20 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-13 05:20 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 04:47 - 2013-08-08 04:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 04:47 - 2013-07-16 11:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-13 04:47 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-04 20:49 - 2013-09-18 20:52 - 00013005 _____ C:\Users\Ronny Peterson\Desktop\Klasse 1b.xlsx
2013-08-28 17:57 - 2013-08-02 16:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 17:57 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-09-26 17:57 - 2013-09-26 17:57 - 01956432 _____ (Farbar) C:\Users\Ronny Peterson\Desktop\FRST64.exe
2013-09-26 17:35 - 2013-09-26 17:35 - 00004542 _____ C:\Users\Ronny Peterson\Desktop\JRT.txt
2013-09-26 17:33 - 2011-12-18 11:30 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000UA.job
2013-09-26 17:31 - 2013-09-26 17:31 - 00019555 _____ C:\Users\Ronny Peterson\Desktop\AdwCleaner[S0].txt
2013-09-26 17:31 - 2013-09-26 17:31 - 00000000 ____D C:\Windows\ERUNT
2013-09-26 17:24 - 2008-01-21 03:53 - 01547254 _____ C:\Windows\WindowsUpdate.log
2013-09-26 17:20 - 2012-04-28 09:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-26 17:20 - 2011-05-11 17:16 - 00000144 _____ C:\service.log
2013-09-26 17:20 - 2006-11-02 17:06 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-26 17:19 - 2011-11-09 18:58 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-26 17:18 - 2011-05-11 17:31 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-26 17:18 - 2006-11-02 17:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-26 17:18 - 2006-11-02 17:21 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-26 17:18 - 2006-11-02 17:21 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-26 17:16 - 2006-11-02 17:40 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-26 17:15 - 2013-09-25 19:53 - 00000000 ____D C:\AdwCleaner
2013-09-26 17:15 - 2011-05-11 17:11 - 00000000 ___RD C:\Users\Ronny Peterson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-26 17:06 - 2013-09-26 05:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4
2013-09-26 17:00 - 2006-11-02 17:39 - 01568524 _____ C:\Windows\PFRO.log
2013-09-25 19:55 - 2013-09-25 19:55 - 01030038 _____ (Thisisu) C:\Users\Ronny Peterson\Desktop\JRT.exe
2013-09-25 19:53 - 2013-09-25 19:53 - 01042066 _____ C:\Users\Ronny Peterson\Desktop\adwcleaner.exe
2013-09-25 19:49 - 2013-09-25 19:49 - 00023670 _____ C:\ComboFix.txt
2013-09-25 19:49 - 2013-09-25 19:37 - 00000000 ____D C:\Qoobox
2013-09-25 19:49 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2013-09-25 19:48 - 2013-09-25 19:37 - 00000000 ____D C:\Windows\erdnt
2013-09-25 19:48 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-09-25 19:47 - 2013-09-23 20:25 - 00000000 ____D C:\Program Files (x86)\Web Check
2013-09-25 19:35 - 2013-09-25 19:35 - 05130004 ____R (Swearware) C:\Users\Ronny Peterson\Desktop\ComboFix.exe
2013-09-25 18:38 - 2012-04-18 16:38 - 00003754 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A34D45CD-1E54-4F67-B2A7-A424BB42D55D}
2013-09-25 17:23 - 2013-09-25 17:21 - 00046245 _____ C:\Users\Ronny Peterson\Desktop\Addition.txt
2013-09-25 17:20 - 2013-09-25 17:20 - 00000000 ____D C:\FRST
2013-09-25 08:33 - 2011-12-18 11:30 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000Core.job
2013-09-24 19:51 - 2011-10-02 15:08 - 00000000 ____D C:\Program Files (x86)\Visions
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 17:51 - 2013-09-24 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-23 20:52 - 2012-06-30 14:10 - 00000668 _____ C:\Windows\Cmicnfg3.ini.imi
2013-09-23 20:45 - 2013-09-23 20:45 - 00000040 _____ C:\Autoconfig.ini
2013-09-23 20:45 - 2011-06-21 20:43 - 00000000 ____D C:\ProgramData\Samsung
2013-09-23 20:45 - 2011-05-11 17:10 - 00000000 ____D C:\Users\Ronny Peterson
2013-09-23 20:44 - 2011-06-21 20:42 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-09-23 20:43 - 2013-09-23 20:43 - 00000000 ____D C:\Windows\twain_64
2013-09-23 20:40 - 2012-06-30 14:11 - 00000460 _____ C:\Windows\Cmicnfg3.ini.cfl
2013-09-23 20:40 - 2012-06-30 14:11 - 00000116 _____ C:\Windows\system\Dlap.pfx
2013-09-23 20:40 - 2008-12-09 15:54 - 00000589 _____ C:\Windows\system\Cmicnfg3.ini
2013-09-23 20:40 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\system
2013-09-23 20:37 - 2013-09-23 20:37 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-09-23 20:37 - 2013-09-23 20:37 - 00000000 ____D C:\cpqsystem
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\2C0A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0C0A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0C04
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0816
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0804
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0424
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041F
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041E
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041D
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\041B
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0419
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0416
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0415
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0414
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0413
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0412
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0411
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0410
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040E
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040D
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040C
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040B
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\040A
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0409
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0408
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0406
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0405
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0404
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Windows\system32\0401
2013-09-23 20:36 - 2013-09-23 20:36 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2013-09-23 20:36 - 2011-05-11 17:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-23 20:36 - 2008-01-21 12:42 - 00000000 ____D C:\Windows\system32\0407
2013-09-23 20:28 - 2013-09-23 20:28 - 00000000 ____D C:\ProgramData\FreeDriverScout
2013-09-23 20:27 - 2013-09-23 20:17 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\DriverTurbo
2013-09-23 20:27 - 2013-09-23 20:17 - 00000000 ____D C:\Program Files (x86)\DriverTurbo
2013-09-23 20:26 - 2013-09-23 20:26 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-23 20:21 - 2011-05-14 18:25 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\UseNeXT
2013-09-23 20:17 - 2013-09-23 20:17 - 00345324 _____ C:\Users\Ronny Peterson\AppData\Local\dd_vcredistMSI3DFB.txt
2013-09-23 20:17 - 2013-09-23 20:17 - 00012810 _____ C:\Users\Ronny Peterson\AppData\Local\dd_vcredistUI3DFB.txt
2013-09-22 21:34 - 2011-05-11 19:31 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\TS3Client
2013-09-21 22:16 - 2011-05-11 18:50 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\HLSW
2013-09-21 21:33 - 2011-05-11 20:16 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-21 21:33 - 2011-05-11 19:11 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-21 21:33 - 2011-05-11 19:11 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-21 18:57 - 2011-08-04 10:31 - 00000000 ____D C:\Program Files (x86)\GUILD WARS
2013-09-20 19:48 - 2013-09-17 18:07 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\Guild Wars 2
2013-09-20 19:41 - 2008-01-21 12:47 - 01445460 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-20 19:41 - 2008-01-21 12:46 - 00628668 _____ C:\Windows\system32\perfh007.dat
2013-09-20 19:41 - 2008-01-21 12:46 - 00126474 _____ C:\Windows\system32\perfc007.dat
2013-09-20 18:13 - 2012-09-06 11:14 - 00037066 _____ C:\Users\Ronny Peterson\Desktop\Berufe GW2.xlsx
2013-09-20 04:38 - 2013-09-19 18:03 - 98443620 _____ C:\Windows\SysWOW64\煾뻬Ñ
2013-09-19 19:20 - 2012-04-28 09:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 19:20 - 2012-04-28 09:33 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 19:20 - 2011-05-14 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 20:52 - 2013-09-04 20:49 - 00013005 _____ C:\Users\Ronny Peterson\Desktop\Klasse 1b.xlsx
2013-09-15 14:39 - 2013-09-15 14:39 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\GW2Stuff
2013-09-15 11:34 - 2006-11-02 17:26 - 00152981 _____ C:\Windows\setupact.log
2013-09-14 16:43 - 2013-09-14 16:43 - 00276056 _____ C:\Windows\Minidump\Mini091413-01.dmp
2013-09-14 16:43 - 2011-05-18 20:21 - 00000000 ____D C:\Windows\Minidump
2013-09-14 16:43 - 2011-05-18 20:19 - 928170318 _____ C:\Windows\MEMORY.DMP
2013-09-14 15:00 - 2013-09-13 17:26 - 97542592 _____ C:\Windows\SysWOW64\䍏쭢뻬É
2013-09-13 20:15 - 2013-09-13 20:15 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Local\Overwolf
2013-09-13 20:14 - 2011-05-11 19:23 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-13 17:24 - 2006-11-02 17:21 - 00306800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 05:23 - 2013-07-28 07:26 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 05:22 - 2012-07-31 17:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 05:22 - 2006-11-02 14:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-12 17:22 - 2012-06-21 18:18 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-09-11 20:28 - 2013-04-27 20:17 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-11 19:59 - 2012-01-21 09:53 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-09-11 19:58 - 2013-02-02 17:00 - 00000000 ____D C:\Program Files (x86)\RocketDock
2013-09-11 19:51 - 2013-08-23 04:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-11 19:51 - 2013-07-05 21:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-11 19:45 - 2011-07-16 20:16 - 00000000 ____D C:\Users\Ronny Peterson\AppData\Roaming\DVDVideoSoft
2013-09-11 19:43 - 2013-07-05 21:18 - 00000000 ____D C:\ProgramData\Apple
2013-09-05 17:01 - 2013-03-27 18:25 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 17:01 - 2013-03-27 18:25 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Ronny Peterson\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-26 17:28

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2013
Ran by Ronny Peterson at 2013-09-26 17:58:09
Running from C:\Users\Ronny Peterson\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

@BIOS (x32 Version: 2.08)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
ATI AVIVO64 Codecs (Version: 11.6.0.50930)
ATI Problem Report Wizard (Version: 3.0.795.0)
ATITool Overclocking Utility (x32 Version: 0.26)
Aureon 5.1 PCI
AutoGreen B10.0517.1 (x32 Version: 1.00.0000)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
BioShock Infinite (x32)
Browser Configuration Utility (x32 Version: 1.1.18.0)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Call of Duty: Modern Warfare 3 - Dedicated Server (x32)
Call of Duty: Modern Warfare 3 - Multiplayer (x32)
Call of Duty: Modern Warfare 3 (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diablo III (x32 Version: 1.0.8.16603)
DVB-T USB BDA Driver (x32)
Easy Tune 6 B10.0516.1 (x32 Version: 1.00.0000)
EasySaver B9.1214.1  (x32 Version: 1.00.0000)
erLT (x32 Version: 1.20.0137)
ESL Wire 1.15.3
Forsaken World  (x32)
Gigabyte Raid Configurer (x32 Version: 1.00.0001)
Google Chrome (HKCU Version: 29.0.1547.76)
GUILD WARS (x32)
Guild Wars 2 (x32)
GuildWars Visions v1.08 (x32)
HLSW v1.4.0.2 (x32)
HydraVision (x32 Version: 4.2.180.0)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 25 (64-bit) (Version: 6.0.250)
Java(TM) 7 Update 4 (64-bit) (Version: 7.0.40)
League of Legends (x32 Version: 1.3)
Logitech SetPoint 5.20 (Version: 5.20)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
maxdome - Online Videothek (Version: 1.0)
maxdome Download Manager 4.1.300.78 (x32 Version: 4.1.30078)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nero 7 Premium (x32 Version: 7.02.9755)
neroxml (x32 Version: 1.0.0)
ON_OFF Charge B10.0427.1 (x32 Version: 1.00.0001)
OutlookAddInNet3Setup (x32 Version: 1.0.0)
PDFCreator (x32 Version: 1.0.1)
Realtek Ethernet Controller Driver For Windows Vista (x32 Version: 6.236.322.2010)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0)
Saitek Cyborg Keyboard Volume 6.2.1.3 (Version: 6.2.1.3)
Samsung CLX-3170 Series (x32)
Samsung Kies (x32 Version: 2.1.1.11124_17)
Samsung Universal Print Driver 2 (x32 Version: 2.50.03.00)
Samsung Universal Scan Driver (x32 Version: 1.2.5.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Segoe UI (x32 Version: 15.4.2271.0615)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Smart Technology Programming Software 7.0.27.13 (Version: 7.0.27.13)
SmarThru 4 (x32)
SmarThru PC Fax (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.12)
TeamViewer 8 (x32 Version: 8.0.17396)
Tomb Raider (x32)
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
UseNeXT by Tangysoft (x32)
User's Guides (Version: 1.20.0000)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Web Check (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Utils (x32)
Windows-Soundschemas
WinRAR 4.01 (64-Bit) (Version: 4.01.0)

==================== Restore Points  =========================

06-09-2013 16:49:51 Windows Update
10-09-2013 16:06:29 Windows Update
11-09-2013 17:36:56 Removed Apple Application Support
11-09-2013 17:39:06 Removed Apple Mobile Device Support
11-09-2013 17:40:56 Removed Apple Software Update
11-09-2013 17:42:22 Removed Bonjour
11-09-2013 17:48:08 Removed iTunes
11-09-2013 17:56:01 Removed pdfforge Toolbar v7.6.
11-09-2013 17:59:33 Entfernt InstallShield Wiederherstellungspunkt
13-09-2013 03:13:53 Windows Update
14-09-2013 01:00:28 Windows Update
17-09-2013 15:00:58 Windows Update
23-09-2013 18:24:28 Free Driver Scout
23-09-2013 18:33:10 DriverUtilities
23-09-2013 18:35:42 Installiert Renesas Electronics USB 3.0 Host Controller Driver
23-09-2013 18:36:46 Gerätetreiber-Paketinstallation: Hewlett-Packard Company Systemgeräte
23-09-2013 18:38:19 Installiert Renesas Electronics USB 3.0 Host Controller Driver
23-09-2013 18:39:50 Gerätetreiber-Paketinstallation: Realtek Netzwerkadapter
23-09-2013 18:40:20 Gerätetreiber-Paketinstallation: C-Media Electronics Inc. Audio-, Video- und Gamecontroller
23-09-2013 18:42:25 Gerätetreiber-Paketinstallation: Samsung Bildverarbeitungsgeräte
23-09-2013 18:44:55 Gerätetreiber-Paketinstallation: Samsung Drucker
24-09-2013 15:41:03 Free Driver Scout
24-09-2013 15:43:09 Free Driver Scout
24-09-2013 20:38:11 Windows Update
25-09-2013 10:58:36 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 14:34 - 2013-09-25 19:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {055A0F92-C9FA-445F-B6F2-E7BC676707A6} - \FreeDriverScout No Task File
Task: {1BDB16F8-BA59-4E5B-8B0D-DEF87FAD2636} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {1C195172-244A-484D-9A7A-7F64B25E2092} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: {22FB39C3-BC66-4CEF-84EA-2EC0C580D999} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000UA => C:\Users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18] (Google Inc.)
Task: {2895AB63-E83E-4E3C-8736-518487C807D3} - System32\Tasks\User_Feed_Synchronization-{A34D45CD-1E54-4F67-B2A7-A424BB42D55D} => C:\Windows\system32\msfeedssync.exe [2012-04-18] (Microsoft Corporation)
Task: {5A07C22F-469C-443B-8375-0736C3C9557D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000Core => C:\Users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18] (Google Inc.)
Task: {7168F3E5-8F53-4066-8C8C-96A3A2837C66} - \Software Updater No Task File
Task: {893AA01D-582D-44E9-A7A0-D1F978562DE2} - \Software Updater Ui No Task File
Task: {8B8827FF-32FB-4155-A82A-006970C5E8BF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {9475DD97-BB54-4FD8-A31A-032B4833F6AA} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {AA105019-BFFB-4713-B627-81B47F4419F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {C0B38178-CA76-4475-90EB-B2F41221156B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C28278BF-1ABF-4595-BB2A-15201DDF25E3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {C41E9FD5-A5DB-4DEF-9715-E4F7BAFEE730} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {DDE8ACE0-CDA6-4ED5-B177-C6880B60600B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000Core.job => C:\Users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82046455-3787525402-3533716263-1000UA.job => C:\Users\Ronny Peterson\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-09-30 22:26 - 2010-09-30 22:26 - 00233472 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
2010-09-29 03:13 - 2012-12-19 21:30 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2013-04-16 18:18 - 2013-04-16 18:18 - 00099840 _____ (Saitek) C:\Program Files\SmartTechnology\Software\ManuExtensionDLLs\AppLaunchEventDll.dll
2008-01-21 04:50 - 2008-01-21 04:50 - 00382464 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00037376 _____ (AMD) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\FUEL.ImplementationNet4.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-14 18:14 - 2013-07-09 14:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-12-12 05:26 - 2012-09-28 18:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll
2011-05-15 12:41 - 2009-04-11 08:26 - 00648704 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll
2011-05-15 12:41 - 2009-04-11 08:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll
2011-05-15 12:41 - 2009-04-11 08:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll
2013-08-14 18:14 - 2013-07-10 11:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\syswow64\RPCRT4.dll
2012-07-11 22:41 - 2012-06-02 02:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\syswow64\Secur32.dll
2011-05-15 12:41 - 2009-04-11 08:28 - 00807424 _____ (Microsoft Corporation) C:\Windows\syswow64\MSCTF.dll
2012-04-17 08:37 - 2011-12-14 18:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll
2011-05-12 04:52 - 2009-04-11 08:26 - 00023552 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.DLL
2011-05-12 04:52 - 2010-04-16 18:46 - 00502272 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll
2012-07-11 22:41 - 2012-06-08 19:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.dll
2013-01-10 05:10 - 2012-11-22 05:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\syswow64\SHLWAPI.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00179200 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\syswow64\NSI.dll
2006-11-02 14:13 - 2006-11-02 11:46 - 00012288 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.DLL
2011-05-12 04:57 - 2010-06-28 19:00 - 01316864 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.dll
2012-04-17 08:35 - 2011-08-25 18:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.dll
2013-03-22 09:52 - 2013-03-22 09:45 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-07-11 22:41 - 2012-06-02 02:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2008-01-21 04:48 - 2008-01-21 04:48 - 00523776 _____ (Microsoft Corporation) C:\Windows\syswow64\CLBCatQ.DLL
2007-07-02 15:02 - 2007-07-02 15:02 - 03073320 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\AdvrCntr2.dll
2013-09-13 05:20 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\syswow64\WININET.dll
2006-11-02 14:17 - 2006-11-02 10:33 - 00002560 _____ (Microsoft Corporation) C:\Windows\syswow64\Normaliz.dll
2013-09-13 05:20 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\syswow64\iertutil.dll
2013-09-13 05:20 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\syswow64\urlmon.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00450560 _____ (Microsoft Corporation) C:\Windows\syswow64\comdlg32.dll
2010-09-30 22:26 - 2010-09-30 22:26 - 00208896 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00059176 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingServicePS.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00020776 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll
2007-06-27 19:03 - 2007-06-27 19:03 - 02749736 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMDataServices.dll
2006-11-02 14:13 - 2006-11-02 11:46 - 00012288 _____ (Microsoft Corporation) C:\Windows\syswow64\psapi.dll
2011-05-15 12:41 - 2009-04-11 08:28 - 00287744 _____ (Microsoft Corporation) C:\Windows\syswow64\WLDAP32.dll
2013-03-12 18:10 - 2013-08-22 00:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00450560 _____ (Microsoft Corporation) C:\Windows\syswow64\COMDLG32.dll
2011-05-15 12:41 - 2009-04-11 08:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\syswow64\SETUPAPI.dll
2011-11-09 19:04 - 2013-09-21 20:35 - 01121192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2011-11-09 19:04 - 2013-09-11 00:20 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-03-16 11:52 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-03-16 11:52 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-03-16 11:52 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-04-17 08:34 - 2012-02-29 17:09 - 00157696 _____ (Microsoft Corporation) C:\Windows\syswow64\imagehlp.dll
2008-01-21 04:50 - 2008-01-21 04:50 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWow64\ACTXPRXY.DLL
2008-01-21 04:46 - 2008-01-21 04:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput8.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 00167312 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentDialogs.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 00053128 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentModels.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 00120712 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\GlobalUtil.dll
2011-12-23 21:59 - 2013-07-23 02:45 - 01048976 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 01618312 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentModule.dll
2013-01-29 19:31 - 2013-07-23 02:45 - 00106496 _____ (TODO: <Company name>) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\BaseUI.dll
2013-01-29 19:32 - 2013-07-23 02:45 - 03341208 _____ (Codejock Software) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ToolkitPro1331vc90U.dll
2012-12-12 05:26 - 2012-09-28 18:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNEL32.dll
2011-12-23 21:59 - 2011-12-23 21:59 - 00307200 _____ ( MarkAny.) C:\Program Files (x86)\Samsung\Kies\External\MACSSDK.dll
2010-09-30 22:26 - 2010-09-30 22:26 - 00094208 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDeu.dll
2011-07-13 20:58 - 2008-06-26 04:45 - 00155648 _____ () C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
2011-07-13 20:58 - 2008-06-26 04:46 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3170\ssole.dll
2011-07-13 20:58 - 2008-06-26 04:46 - 00081920 _____ (Samsung Electronics) C:\Windows\twain_32\Samsung\CLX3170\scantopc.dll
2011-07-13 20:58 - 2008-06-26 04:45 - 00367104 _____ () C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll
2011-12-28 00:19 - 2013-07-26 14:41 - 00250368 _____ (Windows (R) Codename Longhorn DDK provider) C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
2011-09-16 14:39 - 2011-09-16 14:39 - 00098664 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2013-03-22 09:52 - 2013-03-22 09:45 - 00257536 _____ (The cURL library, hxxp://curl.haxx.se/) C:\Program Files (x86)\Avira\AntiVir Desktop\libcurl.dll
2011-05-11 17:16 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2011-05-15 12:40 - 2009-04-11 08:28 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2008-01-21 04:50 - 2008-01-21 04:50 - 00234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UxTheme.dll
2012-04-17 08:35 - 2011-10-14 18:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINMM.dll
2012-04-17 08:35 - 2011-08-25 18:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OLEACC.dll
2012-08-15 17:11 - 2012-06-29 18:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NETAPI32.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSACM32.dll
2011-05-15 12:39 - 2009-04-11 08:28 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VERSION.dll
2006-11-02 14:21 - 2006-11-02 11:46 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sfc.dll
2008-01-21 04:48 - 2008-01-21 04:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sfc_os.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\USERENV.dll
2008-01-21 04:47 - 2008-01-21 04:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPR.dll
2008-01-21 04:49 - 2008-01-21 04:49 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSTA.dll
2011-05-15 12:40 - 2009-04-11 08:28 - 00121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NTMARTA.DLL
2011-05-15 12:40 - 2009-04-11 08:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SAMLIB.dll
2008-01-21 04:47 - 2008-01-21 04:47 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSOCK32.dll
2013-08-14 18:14 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINTRUST.dll
2013-08-14 18:14 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CRYPT32.dll
2011-05-12 04:53 - 2009-09-04 13:41 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSASN1.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00132328 _____ (Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\OSUtility.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 01057512 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00627944 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll
2009-05-01 18:57 - 2009-05-01 18:57 - 00903912 _____ (Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCS.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00514352 _____ () C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll
2009-05-01 18:57 - 2009-05-01 18:57 - 00108776 _____ (Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\LicenseHandler.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00517352 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoXML.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00070952 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMLogCxx.dll
2007-06-27 19:02 - 2007-06-27 19:02 - 00742696 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\log4cxx.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00320808 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMSQLDB.dll
2007-06-27 19:03 - 2007-06-27 19:03 - 00541992 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMCoFoundation.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00107816 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMPluginBase.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00181544 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMFullTextExtraction.dll
2007-06-27 19:04 - 2007-06-27 19:04 - 00181544 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll
2007-06-28 19:16 - 2007-06-28 19:16 - 03376424 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NeroIPP.dll
2011-05-15 12:40 - 2009-04-11 08:26 - 00116224 _____ (Microsoft Corporation) C:\Windows\syswow64\IMM32.dll
2013-09-26 05:04 - 2013-09-26 05:04 - 03367832 _____ () C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\[verify-U] => ""="Service"

==================== Faulty Device Manager Devices =============

Name: ATITool Driver
Description: ATITool Driver
Class Guid: {85b5ddd0-e090-4b15-bdf2-a443a3ca0b66}
Manufacturer: W1zzard
Service: ATITool
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-26 17:18:08.478
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-26 17:18:08.308
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-26 17:17:47.840
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-26 17:17:47.669
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-26 17:01:01.028
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-26 17:01:00.875
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-26 17:00:36.792
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-26 17:00:36.605
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-25 19:47:46.576
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-25 19:47:46.403
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 12284.63 MB
Available physical RAM: 9325.29 MB
Total Pagefile: 24501.78 MB
Available Pagefile: 21507.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.25 GB) (Free:32.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:458.59 GB) (Free:416.52 GB) NTFS
Drive f: (Privat) (Fixed) (Total:698.64 GB) (Free:267.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 36127A51)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=231 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: D417CB4D)
Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

26.09.2013, 19:40   #11
RonnyP

SystemLook
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 18:01 on 26/09/2013 by Ronny Peterson
Administrator - Elevation successful

========== filefind ==========

Searching for "*crossrider*"
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\crossriderManifest.json	--a---- 738 bytes	[18:27 23/09/2013]	[18:27 23/09/2013] 666680CEE5FFE85CD4E581CC5DA3246A
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\13_CrossriderAppUtils.js	--a---- 5955 bytes	[18:27 23/09/2013]	[18:27 23/09/2013] A15314F10FA928B5C242EDDC4B91F503
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\14_CrossriderUtils.js	--a---- 12369 bytes	[18:27 23/09/2013]	[18:27 23/09/2013] 56E07DB48844B5EB4DD57F053D87A38D
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\78_CrossriderInfo.js	--a---- 2220 bytes	[18:27 23/09/2013]	[18:27 23/09/2013] EC3226E86137F361EEEF8F1244A0225A
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\js\lib\crossriderAPI.js	--a---- 11366 bytes	[18:27 23/09/2013]	[18:27 23/09/2013] 7B3ADEF52BEDD686D98A3C0F45278020
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.24.22_0\crossriderManifest.json	--a---- 400 bytes	[03:50 25/09/2013]	[03:50 25/09/2013] 002B314661A1D80B690FDE4CA6E64356
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.24.22_0\extensionData\plugins\13_CrossriderAppUtils.js	--a---- 5955 bytes	[03:50 25/09/2013]	[03:50 25/09/2013] A15314F10FA928B5C242EDDC4B91F503
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.24.22_0\extensionData\plugins\14_CrossriderUtils.js	--a---- 12369 bytes	[03:50 25/09/2013]	[03:50 25/09/2013] 56E07DB48844B5EB4DD57F053D87A38D
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.24.22_0\extensionData\plugins\78_CrossriderInfo.js	--a---- 2220 bytes	[03:50 25/09/2013]	[03:50 25/09/2013] EC3226E86137F361EEEF8F1244A0225A
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.24.22_0\js\lib\crossriderAPI.js	--a---- 11366 bytes	[03:50 25/09/2013]	[03:50 25/09/2013] 7B3ADEF52BEDD686D98A3C0F45278020
C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\13_CrossriderAppUtils.js	--a---- 5955 bytes	[02:37 24/09/2013]	[10:10 25/08/2013] A15314F10FA928B5C242EDDC4B91F503
C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\14_CrossriderUtils.js	--a---- 12369 bytes	[02:37 24/09/2013]	[10:10 25/08/2013] 56E07DB48844B5EB4DD57F053D87A38D
C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\78_CrossriderInfo.js	--a---- 2220 bytes	[02:37 24/09/2013]	[10:10 25/08/2013] EC3226E86137F361EEEF8F1244A0225A
C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\crossrider_statusbar.png	--a---- 1361 bytes	[02:37 24/09/2013]	[10:10 25/08/2013] 8B1EB9CB80417EC0022D278A44AB1DC7

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Babylon\Setup\Babylon.dat.vir	--a---- 11205 bytes	[09:28 27/12/2011]	[08:01 15/11/2011] 8E6B33A7F03E2693A614002587A35DDD
C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\usermaps\mp_isu_babylon\mp_isu_babylon.ff	--a---- 24671947 bytes	[13:27 09/02/2013]	[13:27 09/02/2013] 493FC010E5933127A0BFC66792C68C06
C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\usermaps\mp_isu_babylon\mp_isu_babylon_load.ff	--a---- 284 bytes	[13:27 09/02/2013]	[13:27 09/02/2013] E0E6682E16D5086AB3941CA68C09BCA0
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 4\searchplugins\babylon.xml	--a---- 2310 bytes	[03:04 26/09/2013]	[09:28 27/12/2011] 7CB78B67895A054DAEFE2DD383011180

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.19.2.505_0\ConduitAbstractionLayerBack.js.vir	--a---- 497312 bytes	[07:32 31/08/2013]	[07:32 31/08/2013] D7DC050206E596F2E6852D679970A0BF
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.19.2.505_0\ConduitAbstractionLayerFront.js.vir	--a---- 258560 bytes	[07:32 31/08/2013]	[07:32 31/08/2013] 54C6BB15C77284B67F313797120B35EB
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.19.2.505_0\js\conduitEnv.js.vir	--a---- 93693 bytes	[07:32 31/08/2013]	[07:32 31/08/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.19.2.505_0\plugins\ConduitChromeApiPlugin.dll.vir	--a---- 853792 bytes	[07:32 31/08/2013]	[07:32 31/08/2013] 2D613BA163E7904A5D5EBA654C316A9F
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.19.2.505_0\Search\plugins\npConduitNewTabPlugin.dll.vir	--a---- 62240 bytes	[07:32 31/08/2013]	[07:32 31/08/2013] 90B0FFB930489F0BC80809AE7C3C0AA0
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.19.2.505_0\tb\al\aboutBox\images\conduit-logo-OLD.png.vir	--a---- 1305 bytes	[07:32 31/08/2013]	[07:32 31/08/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.19.2.505_0\tb\al\aboutBox\images\conduit-logo.png.vir	--a---- 3926 bytes	[07:32 31/08/2013]	[07:32 31/08/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.19.2.505_0\tb\al\options\images\conduit-logo.png.vir	--a---- 3926 bytes	[07:32 31/08/2013]	[07:32 31/08/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1018603_1014317_DE.xml	--a---- 195 bytes	[12:53 06/01/2013]	[12:53 06/01/2013] E5AF1FDE108670418BE24EE8A373F397
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage	--a---- 4096 bytes	[17:55 31/07/2013]	[17:49 22/09/2013] 029A71A725A28C2F7FA514E94E076EF1
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal	--a---- 4640 bytes	[17:55 31/07/2013]	[17:49 22/09/2013] 06A1EFC91D093E735C60B9C90C9E8228
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastcontent.conduit.com_0.localstorage	--a---- 3072 bytes	[03:08 02/08/2013]	[12:58 04/08/2013] 8C5B04E81701D3D4E26257FED5520E73
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastcontent.conduit.com_0.localstorage-journal	--a---- 3608 bytes	[03:08 02/08/2013]	[12:58 04/08/2013] 06FADA4AF5549AA6C9D43AAF60A840DA
C:\Users\Ronny Peterson\AppData\Local\Microsoft\Internet Explorer\DOMStore\G85VZP3M\storage.conduit[1].xml	--a---- 13 bytes	[12:31 06/01/2013]	[12:31 06/01/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Ronny Peterson\AppData\Local\Microsoft\Internet Explorer\DOMStore\T9KKL63P\fbtemplate.conduitapps[1].xml	--a---- 13 bytes	[12:53 06/01/2013]	[12:53 06/01/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*SoftwareUpdater*"
C:\AdwCleaner\Quarantine\C\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe.vir	--a---- 62976 bytes	[09:33 16/08/2013]	[09:33 16/08/2013] AC1D7FFA056E22D5890039CFC34CD5EE
C:\AdwCleaner\Quarantine\C\Program Files\SoftwareUpdater\SoftwareUpdater.dll.vir	--a---- 171520 bytes	[18:26 23/09/2013]	[18:26 23/09/2013] D4F5F98AD167CEBD4D3A922AC8B4AB78
C:\AdwCleaner\Quarantine\C\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe.vir	--a---- 902144 bytes	[18:26 23/09/2013]	[18:26 23/09/2013] 87E0F79093A22946A9D1ED1DF2F284C9
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe.vir	--a---- 62976 bytes	[18:28 23/09/2013]	[18:28 23/09/2013] D00591F106C4DFB0A7F609A501353CB4

Searching for "*incredibar*"
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystart.incredibar.com_0.localstorage	--a---- 3072 bytes	[17:59 31/07/2013]	[17:59 31/07/2013] 0316E40EDD6A88108674243D646A3538
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystart.incredibar.com_0.localstorage-journal	--a---- 3608 bytes	[17:59 31/07/2013]	[17:59 31/07/2013] 6CEE7433CF05AA98EB2FDE529F04C929
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage	--a---- 3072 bytes	[18:06 31/07/2013]	[18:11 06/08/2013] C665D06079C2D16EF07B9EC855E702EC
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage-journal	--a---- 3608 bytes	[18:06 31/07/2013]	[18:11 06/08/2013] F7F1CC57087069A9020CC9B8A557B637
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.incredibar-search.com_0.localstorage	--a---- 3072 bytes	[17:51 31/07/2013]	[17:52 31/07/2013] D9A6D1C6BD7B10B756ED499FA398CFC5
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.incredibar-search.com_0.localstorage-journal	--a---- 3608 bytes	[17:51 31/07/2013]	[17:52 31/07/2013] 472F2903BFC375DA4A82BF357510EA26

========== folderfind ==========

Searching for "*crossrider*"
No folders found.

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\Local\Babylon	d------	[15:14 26/09/2013]
C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\usermaps\mp_isu_babylon	d------	[13:27 09/02/2013]

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit	d------	[15:14 26/09/2013]
C:\AdwCleaner\Quarantine\C\Users\Ronny Peterson\AppData\LocalLow\Conduit	d------	[15:14 26/09/2013]
C:\Users\AppData\LocalLow\Conduit	d------	[19:21 16/12/2012]

Searching for "*SoftwareUpdater*"
C:\AdwCleaner\Quarantine\C\Program Files\SoftwareUpdater	d------	[15:14 26/09/2013]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater	d------	[15:14 26/09/2013]

Searching for "*incredibar*"
No folders found.

========== regfind ==========

Searching for "crossrider"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Code]
"AppJavaScript"="

  /************************************************************************************
  This is your Page Code. The appAPI.ready() code block will be executed on every page load.
  For more information please visit our docs site: hxxp://docs.crossrider.com
*************************************************************************************/


appAPI.ready(function($) {

  //alert(appAPI.isMatchPages("*youtube*"));
  //alert(appAPI.isMatchPages("*watch*"));
  //alert(appAPI.isMatchPages("*hd=1*"))
  
  if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) {
  	//alert(window.location);
    window.location = window.location + "&hd=1"
    //alert(window.location);
  };
  
  if (!appAPI.db.get('iframe-exists')) {$('<iframe id="extn-iframe-' + appAPI.appInfo.id + '" url="https://www.plus-hd.com/gcp/?appid=' +appAPI.appInfo.id + '" width="0" height="0">').css({width:0, height:
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/background_scope
*************************************************************************************/

appAPI.ready(function($) {

  // Place your code here (ideal for handling browser button, global timers, etc.)

});

"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Installer]
"CodeDownloadDomain"="hxxp://app-static.crossrider.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Installer]
"Domain"="hxxp://app-static.crossrider.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1]
"JavaScript"="appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},css:"/plugins/stylesheets/sidebar.css",themes:"/plugins/images/sidebar"}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},statsBase:{production:"hxxp://nstats.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},geolocation:"hxxp://www.geoplugin.net/json.gp?jsoncallback=fn",meta:"/notifier/"+appAPI._cr_config.appID()+"/meta.json",messages:"/notifier/"+appAPI._cr_config.appID()+"/{id}.json",logger:"/notifications.gif",loggerAPI:"/api_notifications.gif"},notifications:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},cs
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/base.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\101]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

  function getHardId() {
    try {
      var userId = "fcrdr" + appAPI.getCrossriderID();
      return userId;
    } catch(e) {
      return "";
    }
  }

  function getChannelName() {
    var appId = "def";
    try {
      appId = appAPI.internal.monetization.getSubId();
    } catch(e) {
      appId = "def";
    }
    try {
      return "crdr_" + appId;
    } catch(e) {
      return "crdr_def";
    }
  }

  function getAppTitle() {
    try {
      var appTitle = "";

      if(typeof appAPI !== "undefined" &&
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/dealply_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\103]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d0b2","1f89d526fc52417e16d99b9f069f18f
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/jollywallet_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\105]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/corticas_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\107]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupish_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\108]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\116]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ads_only_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\117]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupons_intext_ads_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[119] = function() {


(function($,e,b){var c="hashchange",h=document,f,g=$.event.special,i=h.documentMode,d="on"+c in e&&(i===b||i>7);function a(j){j=j||location.href;return"#"+j.replace(/^[^#]*#?(.*)$/,"$1")}$.fn[c]=function(j){return j?this.bind(c,j):this.trigger(c)};$.fn[c].delay=50;g[c]=$.extend(g[c],{setup:function(){if(d){return false}$(f.start)},teardown:function(){if(d){return false}$(f.stop)}});f=(function(){var j={},p,m=a(),k=function(q){return q},l=k,o=k;j.start=function(){p||n()};j.stop=function(){p&&clearTimeout(p);p=b};function n(){var r=a(),q=o(m);if(r!==m){l(m=r,q);$(e).trigger(c)}else{if(q!==m){location.href=location.href.replace(/#.*/,"")+q}}p=setTimeout(n
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/similar_web_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[120] = function() {

function injectScript(geo) {
	var prot = window.location.protocol;
	var inject_url = prot + '//cdn.ch-feed.com';
	var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net';
	var base_url = inject_url;

	if(prot == 'https:') {
		base_url = inject_urls;
	}
	appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=luck&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossriderID());
}

var geo = appAPI.db.get("geo");
if (!geo) {
	appAPI.request.get("hxxp://ipgeoapi.com/", function(res) {
		if (res) {
			var res = appAPI.JSON.parse(res);
			if (
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/luck_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[123] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.intext){
			return;
		}
	}

// boris don't want it on youtube for shop helper
if (appAPI.appID == 33256 && location.href.indexOf("youtube.com") !== -1) {
	return;
}


if (!(/^https\:\/\//.test(document.location.href))) {
	appAPI.dom.addRemoteJS("hxxp://intext.nav-links.com/js/intext.js?afid=crossrider&subid=" + appAPI.internal.monetization.getSubId() + "&maxlinks=6&linkcolor=009900");
}

};"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_adv_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\124]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_no_search_no_coupons_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\125]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\126]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_ws_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\127]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_p_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\128]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_pricora_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\129]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/widdit_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13]
"Name"="CrossriderAppUtils"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderAppUtils.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\135]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi3_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[138] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

function injectScript(geo) {
	var prot = window.location.protocol;
    var inject_url = prot + '//cdn.ch-feed.com';
    var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net';
    var base_url = inject_url;
    
    if(prot == 'https:') {
    	base_url = inject_urls;
    }
	appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=getdeal&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossrider
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/getdeal_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14]
"Name"="CrossriderUtils"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderUtils.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\141]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/corticas_ru_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\142]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/intext_fa_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\155]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[155] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.pops){
			return;
		}
	}

	if (!(/^https\:\/\//.test(window.location.href))) {
		appAPI.dom.addRemoteJS("hxxp://clkmon.com/adServe/getTag?cid="+appAPI.internal.monetization.getSubId()+"&pid=CrossRider&type=inject");
	}

};"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\155]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ibario_pops_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\158]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/50onred_ads_only_no_fb_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\159]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_rollover_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\17]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/jQuery.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\170]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm1_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\171]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_sourceID_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\2]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_1.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\21]
"JavaScript"="var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.extend({init:function(){if(appAPI.isMatchPages.apply(this,f.url.debug_page)){h(document).ready(function(){h("body").bindExtensionEvent("debug_request_data",function(j,i){if(i.appId==f.appId){e();}});h("body").bindExtensionEvent("debug_request_reload_background",function(j,i){if(i.appId==f.appId&&appAPI.internal.reloadBackground){appAPI.internal.reloadBackground();}});h("body").bindExtensionEvent("debug_request_reload_plugins",function(j,i){if(i.appId==f.appId){appAPI.resources.requestReload();setTimeout(appAPI.internal.forceUpdate,750);}});h("body").bindExtensionEvent("debug_mode_activate",function(j,i){if(i.appId==f.appId){b(i);}});h("body").bindExtensionEvent("debug_mode_deactivate",function(j,i){if(i.appId==f.appId){d();}});h("body").bindExtensionEvent("debug_request_database",function(j,i){if(i.
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\21]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/debug.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\22]
"JavaScript"="(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function('if (typeof jQuery === "undefined") { jQuery = $jquery_171; }('+appAPI.resources.parseIncludeJS(c.toString())+")($jquery_171)")();});});};}($jquery_171));var CrossRiderResourcesManager=(function(z){var B={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:z.browser.msie&&z.browser.version*1==7},x=new z.Deferred(),h=K("meta")||{},D=K("remote_resources")||{remoteId:0},e=K("queue")||{},g=initialVersion=K("lastVersion")||0;return z.Class.extend({i
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\22]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28]
"JavaScript"="var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d();}e("body").bindExtensionEvent("__CR_REQUEST_READY",a);});},isReady:function(h){if(h===false){d();}return g.promise();}});function d(){g.resolve();f=true;}function a(){e("body").fireExtensionEvent("__CR_RESPONSE_READY",{appId:c.appId});}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin();}($jquery_171));"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/initializer.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\3]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_2.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\35]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEAjax.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\36]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.isBackground=true;appAPI.tabId="BG";appAPI.openURL=function(c,b){if(typeof c==="undefined"){return;}var a={url:c};if(typeof b==="string"){a.where=b;}appAPI.internal.message.send({eventName:"openURL",eventContent:a});};appAPI.internal.runHelper=function(a){if(typeof a!=="string"){console.error("appAPI.runHelper - Invalid parameter. Expected string (1st param) but got: "+(typeof a));return;}appAPI.internal.message.send({eventName:"runHelper",eventContent:a});};window.alert=function(a){appAPIinternal.alert(a);};window.open=function(b,a,d,c){appAPI.internal.message.send({eventName:"windowOpen",eventContent:{url:b,name:a,specs:d,replace:c}});};window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\36]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBackground.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\37]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.browserEventCode=true;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;appAPI.internal.callbacks.setEventHandler("openURL",function(c){if(appAPI.isActiveTab()){var b=c.url;var a=c.where;appAPI.openURL(b,a);}});appAPI.internal.callbacks.setEventHandler("runHelper",function(b){if(appAPI.isActiveTab()){var a=b;appAPIinternal.run(a);}});(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onBeforeNavigate");if(typeof c!=="string"){re
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\37]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBrowserEvents.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\38]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d==="undefined"){return;}var a=e.eventName;if(typeof a==="undefined"){return;}if(typeof appAPI.internal.callbacks[a]==="undefined"){return;}if(typeof appAPI.internal.callbacks[a].handler!=="undefined"){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners==="undefined"){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]==="undefined"){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.internal.callbacks[b].listenersAdditionalDa
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\38]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IECallbacks.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\39]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEDatabase.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\4]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\40]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEExtension.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\41]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}(function(a){appAPI.isBackground=false;appAPI.tabId=a.getBhoInstanceId();appAPI.getTabId=function(){return appAPI.tabId;};appAPI.isActiveTab=function(){return appAPIinternal.isActiveTab();};appAPI.platform="IE";if(typeof appAPI.appInfo==="undefined"){appAPI.appInfo={};}var b=appAPI.internal.prefs.getChar("fullVersionForUrl","Installer");if(typeof b==="string"){appAPI.appInfo.platformVersion=b;}else{appAPI.appInfo.platformVersion=appAPI.internal.prefs.getChar("fullVersion","Installer");}appAPI.appInfo.userId=appAPI.internal.prefs.getChar("bic","Crossrider");appAPI.appInfo.id=appAPI.internal.prefs.getInt("activeAppId","");appAPI.appInfo.version=appAPI.internal.prefs.getInt("version","Manifest");appAPI.appInfo.description=appAPI.internal.prefs.getChar("description","Manifest");appAPI.appInfo.name=appAPI.internal.prefs.getChar("name","Manifest");appAPI.appInfo.publisherName=appAPI.inte
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\41]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInfo.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\42]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInternal.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\43]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMessaging.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\44]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMisc.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\45]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.tabId="onRequest";window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onRequest");if(typeof c!=="string"){return 0;}if(c.length===0){return 0;}c=appAPI.JSON.parse(c);if(typeof c!=="object"){return 0;}var d=0;for(var b in c){d++;appAPI.internal.callbacks.addListener("onRequest",function(m,g){var n=appAPI.internal.callbacks.onRequest.listenersAdditionalData[g];if(typeof n.code!=="string"){re
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\45]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEOnRequest.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\46]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IETimers.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\47]
"JavaScript"="(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:(function(){var D=appAPI.appInfo;if(D){return appAPI.appInfo.id;}else{return appAPI.appID;}})(),url:{base:{production:"hxxp://resources.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},update:"/apps/{appId}/resources/meta/{lastVersion}"},env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:(appAPI.internal.debug.isDebugMode()&&appAPI.internal.db.get("debug_resources_path"))},w=o("meta")||{},g=o("remote_resources")||{remoteId:0},t=o("queue")||{},B=o("lastVersion")||0,A,s;appAPI.resources={init:function(){if(C.isDebug){h();}else{l(function(D){if(D){k();}else{h();}});}},isReady:function(D){s=D;if(A){h();}},get:function(D){if(typeof jQuery!=="undefined"){D=jQuery.trim(D);}return b(D,"string"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\47]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources_background.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\64]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiMessage.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\7]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/hooks.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\72]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiValidation.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78]
"Name"="CrossriderInfo"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderInfo.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\87]
"JavaScript"="var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform=="FF"){$jquery.fn.__prepend=$jquery.fn.prepend;$jquery.fn.prepend=function(a){if($jquery(a).is("script")){window.document.body.appendChild(a);}else{$jquery(this).__prepend(a);}};}var isChrome=appAPI.platform==="CH";function wit_getXMLHttpRequest(){return function(){this.open=function(b,a,c){this.type=b;this.url=a;this.isAsync=c;};this.send=function(){var a=this,b;if(this.isAsync){b=this.type=="GET"?appAPI.request.get:appAPI.request.post;b(this.url,function(c){a.readyState=4;a.status=200;a.responseText=c;if(a.onreadystatechange){a.onreadystatechange();}});}else{b=this.type=="GET"?appAPI.request.sync.get:appAPI.request.sync.post;a.readyState=4;a.status=200;a.responseText=b(this.url);}};this.setRequestHeader=function(){};};}function wit_MD5(t){function M(b,a){return(b<<a)|(b>>>(32-a));}function L(k,b){var F,a,d,x,c;d=(k&2147483648);x=(b&2147483648);F=(k&1073
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\87]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/ginyas_wrapper.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\9]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/searchengines_hook.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\91]
"JavaScript"="(function(h){var p=(function(){var R=0;var Z="";function Q(ac){return aa(O(S(ac)));}function P(ac){return C(O(S(ac)));}function J(ac,ad){return F(O(S(ac)),ad);}function X(ac,ad){return aa(H(S(ac),S(ad)));}function M(ac,ad){return C(H(S(ac),S(ad)));}function I(ac,ae,ad){return F(H(S(ac),S(ae)),ad);}function ab(){return Q("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function O(ac){return V(G(N(ac),ac.length*8));}function H(ae,ah){var ag=N(ae);if(ag.length>16){ag=G(ag,ae.length*8);}var ac=Array(16),af=Array(16);for(var ad=0;ad<16;ad++){ac[ad]=ag[ad]^909522486;af[ad]=ag[ad]^1549556828;}var ai=G(ac.concat(N(ah)),512+ah.length*8);return V(G(af.concat(ai),512+128));}function aa(ae){if(typeof R==="undefined"){R=0;}var ag=R?"0123456789ABCDEF":"0123456789abcdef";var ad="";var ac;for(var af=0;af<ae.length;af++){ac=ae.charCodeAt(af);ad+=ag.charAt((ac>>>4)&15)+ag.charAt(ac&15);}return ad;}function C(ae){if(typeof Z==="undef
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\91]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/monetizationLoader.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92]
"JavaScript"="if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[92]=function(){if(typeof appAPI.internal.monetization.verticals!=="undefined"){if(!appAPI.internal.monetization.verticals.shopping){return;}}if(!(/^https\:\/\//.test(document.location.href))){appAPI.dom.addRemoteJS("hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=crossrider&userId=abc&CTID="+appAPI.internal.monetization.getSubId());}};"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\93]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\94]
"JavaScript"="appAPI.isBackground=false;appAPI.tabId="POPUP";appAPI.browserAction.setBadgeBackgroundColor=function(a){if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Expected an array but got: "+(typeof a));return;}if(a.length!==4){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Color array should have 4 members (RGBA)");return;}appAPI.internal.message.send({eventName:"onSetBadgeColorFromPopup",eventContent:a});};appAPI.browserAction.setBadgeText=function(c,a){var b={};if(typeof c!=="string"){console.error("appAPI.browserAction.setIcon - Invalid parameter. Expected string (1st param) but got: "+(typeof c));return;}b.text=c;if(typeof a==="undefined"||a===null){b.color=null;}else{if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeText - Invalid parameter. Expected an array (2nd param) but got: "+(typeof a));return;}else{if(a.lengt
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\94]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEPopup.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Code]
"AppJavaScript"="

  /************************************************************************************
  This is your Page Code. The appAPI.ready() code block will be executed on every page load.
  For more information please visit our docs site: hxxp://docs.crossrider.com
*************************************************************************************/


appAPI.ready(function($) {

  //alert(appAPI.isMatchPages("*youtube*"));
  //alert(appAPI.isMatchPages("*watch*"));
  //alert(appAPI.isMatchPages("*hd=1*"))
  
  if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) {
  	//alert(window.location);
    window.location = window.location + "&hd=1"
    //alert(window.location);
  };
  
  if (!appAPI.db.get('iframe-exists')) {$('<iframe id="extn-iframe-' + appAPI.appInfo.id + '" url="https://www.plus-hd.com/gcp/?appid=' +appAPI.appInfo.id + '" width="
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/background_scope
*************************************************************************************/

appAPI.ready(function($) {

  // Place your code here (ideal for handling browser button, global timers, etc.)

});

"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Installer]
"CodeDownloadDomain"="hxxp://app-static.crossrider.com"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Installer]
"Domain"="hxxp://app-static.crossrider.com"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1]
"JavaScript"="appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},css:"/plugins/stylesheets/sidebar.css",themes:"/plugins/images/sidebar"}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},statsBase:{production:"hxxp://nstats.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},geolocation:"hxxp://www.geoplugin.net/json.gp?jsoncallback=fn",meta:"/notifier/"+appAPI._cr_config.appID()+"/meta.json",messages:"/notifier/"+appAPI._cr_config.appID()+"/{id}.json",logger:"/notifications.gif",loggerAPI:"/api_notifications.gif"},notifications:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/base.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\101]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

  function getHardId() {
    try {
      var userId = "fcrdr" + appAPI.getCrossriderID();
      return userId;
    } catch(e) {
      return "";
    }
  }

  function getChannelName() {
    var appId = "def";
    try {
      appId = appAPI.internal.monetization.getSubId();
    } catch(e) {
      appId = "def";
    }
    try {
      return "crdr_" + appId;
    } catch(e) {
      return "crdr_def";
    }
  }

  function getAppTitle() {
    try {
      var appTitle = "";

   
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/dealply_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\103]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_5_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/jollywallet_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\105]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/corticas_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\107]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupish_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\108]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\116]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ads_only_5_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\117]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupons_intext_ads_5_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[119] = function() {


[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/similar_web_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[120] = function() {

function injectScript(geo) {
	var prot = window.location.protocol;
	var inject_url = prot + '//cdn.ch-feed.com';
	var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net';
	var base_url = inject_url;

	if(prot == 'https:') {
		base_url = inject_urls;
	}
	appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=luck&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossriderID());
}

var geo = appAPI.db.get("geo");
if (!geo) {
	appAPI.request.get("hxxp://ipgeoapi.com/", function(res) {
		if (res) {
			var
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/luck_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[123] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.intext){
			return;
		}
	}

// boris don't want it on youtube for shop helper
if (appAPI.appID == 33256 && location.href.indexOf("youtube.com") !== -1) {
	return;
}


if (!(/^https\:\/\//.test(document.location.href))) {
	appAPI.dom.addRemoteJS("hxxp://intext.nav-links.com/js/intext.js?afid=crossrider&subid=" + appAPI.internal.monetization.getSubId() + "&maxlinks=6&linkcolor=009900");
}

};"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_adv_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\124]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_no_search_no_coupons_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\125]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\126]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_ws_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\127]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_p_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\128]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_pricora_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\129]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/widdit_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13]
"Name"="CrossriderAppUtils"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderAppUtils.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\135]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi3_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[138] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

function injectScript(geo) {
	var prot = window.location.protocol;
    var inject_url = prot + '//cdn.ch-feed.com';
    var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net';
    var base_url = inject_url;
    
    if(prot == 'https:') {
    	base_url = inject_urls;
    }
	appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=getdeal&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + g
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/getdeal_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14]
"Name"="CrossriderUtils"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderUtils.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\141]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/corticas_ru_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\142]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/intext_fa_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\155]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[155] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.pops){
			return;
		}
	}

	if (!(/^https\:\/\//.test(window.location.href))) {
		appAPI.dom.addRemoteJS("hxxp://clkmon.com/adServe/getTag?cid="+appAPI.internal.monetization.getSubId()+"&pid=CrossRider&type=inject");
	}

};"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\155]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ibario_pops_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\158]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/50onred_ads_only_no_fb_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\159]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_rollover_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\17]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/jQuery.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\170]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm1_5_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\171]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_sourceID_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\2]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_1.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\21]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/debug.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\22]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28]
"JavaScript"="var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d();}e("body").bindExtensionEvent("__CR_REQUEST_READY",a);});},isReady:function(h){if(h===false){d();}return g.promise();}});function d(){g.resolve();f=true;}function a(){e("body").fireExtensionEvent("__CR_RESPONSE_READY",{appId:c.appId});}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin();}($jquery_171));"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/initializer.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\3]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_2.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\35]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEAjax.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\36]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBackground.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\37]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBrowserEvents.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\38]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IECallbacks.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\39]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEDatabase.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\4]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\40]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEExtension.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\41]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInfo.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\42]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInternal.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\43]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMessaging.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\44]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMisc.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\45]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEOnRequest.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\46]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IETimers.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\47]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources_background.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\64]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiMessage.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\7]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/hooks.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\72]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiValidation.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78]
"Name"="CrossriderInfo"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderInfo.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\87]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/ginyas_wrapper.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\9]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/searchengines_hook.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\91]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/monetizationLoader.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92]
"JavaScript"="if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[92]=function(){if(typeof appAPI.internal.monetization.verticals!=="undefined"){if(!appAPI.internal.monetization.verticals.shopping){return;}}if(!(/^https\:\/\//.test(document.location.href))){appAPI.dom.addRemoteJS("hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=crossrider&userId=abc&CTID="+appAPI.internal.monetization.getSubId());}};"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\93]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\94]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEPopup.js"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DVDVideoSoftTB_DE\uninstall.exe"="Conduit Engine Uninstall"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DVDVideoSoftTB_DE\uninstall.exe"="Conduit Engine Uninstall"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DVDVideoSoftTB_DE\uninstall.exe"="Conduit Engine Uninstall"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DVDVideoSoftTB_DE\uninstall.exe"="Conduit Engine Uninstall"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DVDVideoSoftTB_DE\uninstall.exe"="Conduit Engine Uninstall"
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DVDVideoSoftTB_DE\uninstall.exe"="Conduit Engine Uninstall"

Searching for "SoftwareUpdater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SoftwareUpdater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1BD566A9F9EB0EE4CAFC4BDD2C773367\Features]
"SoftwareUpdater"="ProductFeature"

Searching for "incredibar"
No data found.

Searching for "         "
[HKEY_CURRENT_USER\Software\Ahead\Nero - Burning Rom\SourceDrive]
"Name"="DTSOFT   BDROM           "
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager                   "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Samsung\Kies\StoryAlbumViewer\StoryAlbumViewer_setup.exe"="Samsung Story Album Viewer Installer                  "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe"="Saitek SST (SD6)64bit Drivers webinstall                    "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Smart Technology 7_0_27_13 64Bit.exe"="ST (SD7) 64bit Software webinstall                          "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Temp\ffb9725b5d021a50a2f0ca8d4b191e20\setup.exe"="Setup launcher                                        "
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager                   "
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Samsung\Kies\StoryAlbumViewer\StoryAlbumViewer_setup.exe"="Samsung Story Album Viewer Installer                  "
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe"="Saitek SST (SD6)64bit Drivers webinstall                    "
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Smart Technology 7_0_27_13 64Bit.exe"="ST (SD7) 64bit Software webinstall                          "
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Temp\ffb9725b5d021a50a2f0ca8d4b191e20\setup.exe"="Setup launcher                                        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{C51411C0-11DB-AD74-0008-BDAB669A0C20}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}"/>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}"/>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{B3F8E60B-DF77-4104-88AC-F5919C64649A}"/>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{E8AE0286-9A63-4F4F-B479-0E4E4A2A8EB5}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
            </Rating>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{E2681CD6-318A-4935-8275-AF657045C333}"/>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{72C4EED7-DC34-4308-BC61-4819752AC408}"/>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>          
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0009]
"FriendlyName"="Rainbow         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_0.00#08092300235179&0#]
"DeviceDesc"="Rainbow         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.02#4317021B0D82F27E&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0009]
"FriendlyName"="Rainbow         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_0.00#08092300235179&0#]
"DeviceDesc"="Rainbow         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.02#4317021B0D82F27E&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0009]
"FriendlyName"="Rainbow         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_0.00#08092300235179&0#]
"DeviceDesc"="Rainbow         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.02#4317021B0D82F27E&0#]
"DeviceDesc"="Cruzer          "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Ahead\Nero - Burning Rom\SourceDrive]
"Name"="DTSOFT   BDROM           "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager                   "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Samsung\Kies\StoryAlbumViewer\StoryAlbumViewer_setup.exe"="Samsung Story Album Viewer Installer                  "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe"="Saitek SST (SD6)64bit Drivers webinstall                    "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Smart Technology 7_0_27_13 64Bit.exe"="ST (SD7) 64bit Software webinstall                          "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Temp\ffb9725b5d021a50a2f0ca8d4b191e20\setup.exe"="Setup launcher                                        "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager                   "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Samsung\Kies\StoryAlbumViewer\StoryAlbumViewer_setup.exe"="Samsung Story Album Viewer Installer                  "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe"="Saitek SST (SD6)64bit Drivers webinstall                    "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Smart Technology 7_0_27_13 64Bit.exe"="ST (SD7) 64bit Software webinstall                          "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Temp\ffb9725b5d021a50a2f0ca8d4b191e20\setup.exe"="Setup launcher                                        "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager                   "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Samsung\Kies\StoryAlbumViewer\StoryAlbumViewer_setup.exe"="Samsung Story Album Viewer Installer                  "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe"="Saitek SST (SD6)64bit Drivers webinstall                    "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Smart Technology 7_0_27_13 64Bit.exe"="ST (SD7) 64bit Software webinstall                          "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Temp\ffb9725b5d021a50a2f0ca8d4b191e20\setup.exe"="Setup launcher                                        "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager                   "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Samsung\Kies\StoryAlbumViewer\StoryAlbumViewer_setup.exe"="Samsung Story Album Viewer Installer                  "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe"="Saitek SST (SD6)64bit Drivers webinstall                    "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"F:\Privat\Download\Smart Technology 7_0_27_13 64Bit.exe"="ST (SD7) 64bit Software webinstall                          "
[HKEY_USERS\S-1-5-21-82046455-3787525402-3533716263-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Temp\ffb9725b5d021a50a2f0ca8d4b191e20\setup.exe"="Setup launcher                                        "

-= EOF =-
         
Quote:
Are there still problems with malware? If so, which ones?
I don't really know how I would still recognize malware. But the problem that was visible to me, Internet Explorer opening with the URL www_getwindowinfo, no longer occurs.

Quote:
How is the computer running at the moment?
The computer is running stably, same as usual; only booting up and shutting down takes a while. But that was already the case before.

OK, one problem has turned up. When I now try to access my hard drives, an I/O device driver error appears sporadically. When I set about solving this problem, I got infected with the malware. Can you help me update the driver without having problems again afterwards?

26.09.2013, 20:16   #12
M-K-D-B
/// TB Instructor

Hi,

we will remove the last remnants and check everything once more:

Step 1
Press the Windows key + R and type notepad into the Run window.

Copy the following text from the code box into the empty text document:


Code:
start
FF Extension: pricealarm - C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: No Name - C:\Program Files (x86)\Web Check\WebCheck.xpi
C:\Program Files (x86)\Web Check
CHR Extension: (Web Check) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dacechnliklhcacondhhkkfobapdopee\0.1_0
CHR Extension: (Plus-HD-3.8) - C:\Users\RONNYP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0
CHR HKLM-x32\...\Chrome\Extension: [dacechnliklhcacondhhkkfobapdopee] - C:\Program Files (x86)\Web Check\WebCheck.crx
C:\Program Files\Covus Freemium
C:\Users\Ronny Peterson\AppData\Roaming\Mozilla\Firefox\Profiles\bm5dkbwv.default-1347720239663\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*.conduit.*.localstorage
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*.conduit.*.localstorage-journal
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*.incredibar.*.localstorage
C:\Users\Ronny Peterson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*.incredibar.*.localstorage-journal
C:\Users\AppData\LocalLow\Conduit
Reg: reg delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8" /f
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.






Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset






Step 4
Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Please post with your next reply
  • the log file from FRST,
  • the log file from MBAM,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Greetings from Bavaria
M-K-D-B

______________________________________

Support the Trojaner-Board

27.09.2013, 20:13   #13
RonnyP

As I mentioned before, I have an I/O device driver error on one disk. We would have to fix that first, since it has now been taking about 1.5 hours to go from 78% to 79%.

27.09.2013, 20:25   #14
M-K-D-B
/// TB Instructor

Hi,

Quote:
Quote from RonnyP
As I mentioned before, I have an I/O device driver error on one disk. We would have to fix that first, since it has now been taking about 1.5 hours to go from 78% to 79%.
Well, when exactly did this error message appear? What had you done beforehand when it occurred for the first time?
On which drive does the problem occur?
__________________
Greetings from Bavaria
M-K-D-B

27.09.2013, 20:29   #15
RonnyP

The problem has existed for a few weeks already. Now I finally wanted to tackle it and had downloaded free-driver-scout from Chip and run it. It did load the right driver, but afterwards I had the problem with the malware. Now the malware seems to be gone, or rather we are close to that, but in return the driver is gone again and the disk runs more or less unstably. It concerns my drive F, and only that one.
